From ade02f0f3e7fbb5acd98b2fdf5fce0945ad9554a Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Thu, 5 Oct 2017 06:27:58 +0100 Subject: [PATCH] crypto/aesni_mb: support DES The Multi-buffer library now supports DES-CBC and DES-DOCSISBPI algorithms, so this commit extends adds support for them in the PMD. Signed-off-by: Pablo de Lara Acked-by: Fan Zhang Reviewed-by: Radu Nicolau --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 3 + doc/guides/rel_notes/release_17_11.rst | 10 +++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 72 +++++++++++++------ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 42 +++++++++++ test/test/test_cryptodev.c | 42 +++++++++++ test/test/test_cryptodev_des_test_vectors.h | 24 ++++--- 7 files changed, 164 insertions(+), 31 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 49419e3191..79e722c6e2 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -52,6 +52,8 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_AES192_CTR * RTE_CRYPTO_CIPHER_AES256_CTR * RTE_CRYPTO_CIPHER_AES_DOCSISBPI +* RTE_CRYPTO_CIPHER_DES_CBC +* RTE_CRYPTO_CIPHER_DES_DOCSISBPI Hash algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 03d8485da3..fab07cb2b7 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -23,6 +23,9 @@ AES CTR (128) = Y AES CTR (192) = Y AES CTR (256) = Y AES DOCSIS BPI = Y +DES CBC = Y +DES DOCSIS BPI = Y + ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. ; diff --git a/doc/guides/rel_notes/release_17_11.rst b/doc/guides/rel_notes/release_17_11.rst index eeda6d38a4..7704559081 100644 --- a/doc/guides/rel_notes/release_17_11.rst +++ b/doc/guides/rel_notes/release_17_11.rst @@ -89,6 +89,16 @@ New Features * Coalesce writes to HEAD CSR on response processing. * Coalesce writes to TAIL CSR on request processing. +* **Updated the AESNI MB PMD.** + + The AESNI MB PMD has been updated with additional support for: + + * DES CBC algorithm. + * DES DOCSIS BPI algorithm. + + This requires the IPSec Multi-buffer library 0.47. For more details, + check out the AESNI MB PMD documenation. + * **Add new benchmarking mode to dpdk-test-crypto-perf application.** Added new "PMD cyclecount" benchmark mode to dpdk-test-crypto-perf application diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index f91504d660..49242fc557 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -30,6 +30,8 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include + #include #include #include @@ -188,6 +190,7 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops, struct aesni_mb_session *sess, const struct rte_crypto_sym_xform *xform) { + uint8_t is_aes = 0; aes_keyexp_t aes_keyexp_fn; if (xform == NULL) { @@ -217,45 +220,68 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops, switch (xform->cipher.algo) { case RTE_CRYPTO_CIPHER_AES_CBC: sess->cipher.mode = CBC; + is_aes = 1; break; case RTE_CRYPTO_CIPHER_AES_CTR: sess->cipher.mode = CNTR; + is_aes = 1; break; case RTE_CRYPTO_CIPHER_AES_DOCSISBPI: sess->cipher.mode = DOCSIS_SEC_BPI; + is_aes = 1; break; - default: - MB_LOG_ERR("Unsupported cipher mode parameter"); - return -ENOTSUP; - } - - /* Check key length and choose key expansion function */ - switch (xform->cipher.key.length) { - case AES_128_BYTES: - sess->cipher.key_length_in_bytes = AES_128_BYTES; - aes_keyexp_fn = mb_ops->aux.keyexp.aes128; + case RTE_CRYPTO_CIPHER_DES_CBC: + sess->cipher.mode = DES; break; - case AES_192_BYTES: - sess->cipher.key_length_in_bytes = AES_192_BYTES; - aes_keyexp_fn = mb_ops->aux.keyexp.aes192; - break; - case AES_256_BYTES: - sess->cipher.key_length_in_bytes = AES_256_BYTES; - aes_keyexp_fn = mb_ops->aux.keyexp.aes256; + case RTE_CRYPTO_CIPHER_DES_DOCSISBPI: + sess->cipher.mode = DOCSIS_DES; break; default: - MB_LOG_ERR("Invalid cipher key length"); - return -EINVAL; + MB_LOG_ERR("Unsupported cipher mode parameter"); + return -ENOTSUP; } /* Set IV parameters */ sess->iv.offset = xform->cipher.iv.offset; sess->iv.length = xform->cipher.iv.length; - /* Expanded cipher keys */ - (*aes_keyexp_fn)(xform->cipher.key.data, - sess->cipher.expanded_aes_keys.encode, - sess->cipher.expanded_aes_keys.decode); + /* Check key length and choose key expansion function for AES */ + if (is_aes) { + switch (xform->cipher.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + aes_keyexp_fn = mb_ops->aux.keyexp.aes128; + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + aes_keyexp_fn = mb_ops->aux.keyexp.aes192; + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + aes_keyexp_fn = mb_ops->aux.keyexp.aes256; + break; + default: + MB_LOG_ERR("Invalid cipher key length"); + return -EINVAL; + } + + /* Expanded cipher keys */ + (*aes_keyexp_fn)(xform->cipher.key.data, + sess->cipher.expanded_aes_keys.encode, + sess->cipher.expanded_aes_keys.decode); + + } else { + if (xform->cipher.key.length != 8) { + MB_LOG_ERR("Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 8; + + des_key_schedule((uint64_t *)sess->cipher.expanded_aes_keys.encode, + xform->cipher.key.data); + des_key_schedule((uint64_t *)sess->cipher.expanded_aes_keys.decode, + xform->cipher.key.data); + } return 0; } diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 4be9b80268..2e52ac2c52 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -247,6 +247,48 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .block_size = 8, + .key_size = { + .min = 8, + .max = 8, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, + { /* DES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, + .block_size = 8, + .key_size = { + .min = 8, + .max = 8, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 132f99c20e..aa0ca51420 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -4690,6 +4690,44 @@ test_DES_docsis_openssl_all(void) return TEST_SUCCESS; } +static int +test_DES_cipheronly_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, + ts_params->session_mpool, + ts_params->valid_devs[0], + rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)), + BLKCIPHER_DES_CIPHERONLY_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + +static int +test_DES_docsis_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, + ts_params->session_mpool, + ts_params->valid_devs[0], + rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)), + BLKCIPHER_DES_DOCSIS_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + static int test_3DES_chain_dpaa2_sec_all(void) { @@ -8289,6 +8327,10 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_docsis_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, + test_DES_cipheronly_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, + test_DES_docsis_mb_all), TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/test/test/test_cryptodev_des_test_vectors.h b/test/test/test_cryptodev_des_test_vectors.h index 0b6e0b8dae..9bb3618cf2 100644 --- a/test/test/test_cryptodev_des_test_vectors.h +++ b/test/test/test_cryptodev_des_test_vectors.h @@ -851,13 +851,15 @@ static const struct blockcipher_test_case des_cipheronly_test_cases[] = { .test_descr = "DES-CBC Encryption", .test_data = &des_cbc_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_QAT + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-CBC Decryption", .test_data = &des_cbc_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_QAT + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, }; @@ -965,42 +967,48 @@ static const struct blockcipher_test_case des_docsis_test_cases[] = { .test_data = &des_test_data_1, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-DOCSIS-BPI Runt Block Encryption", .test_data = &des_test_data_2, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-DOCSIS-BPI Uneven Encryption", .test_data = &des_test_data_3, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-DOCSIS-BPI Full Block Decryption", .test_data = &des_test_data_1, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-DOCSIS-BPI Runt Block Decryption", .test_data = &des_test_data_2, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-DOCSIS-BPI Uneven Decryption", .test_data = &des_test_data_3, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "DES-DOCSIS-BPI OOP Full Block Encryption", -- 2.20.1