[dpdk-dev] [PATCH] crypto/aesni_mb: add AES-CCM support

Fan Zhang roy.fan.zhang at intel.com
Tue Nov 28 15:11:16 CET 2017


Add support to AES-CCM, for 128, 192 and 256-bit keys.

Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 doc/guides/cryptodevs/aesni_mb.rst                 |   4 +
 doc/guides/cryptodevs/features/aesni_mb.ini        |   3 +
 doc/guides/rel_notes/release_18_02.rst             |   5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         | 101 +++++++++++++++++++++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |  31 ++++++-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   5 +
 test/test/test_cryptodev.c                         |   6 ++
 7 files changed, 154 insertions(+), 1 deletion(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 79e722c..081fdff 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -65,6 +65,10 @@ Hash algorithms:
 * RTE_CRYPTO_HASH_SHA512_HMAC
 * RTE_CRYPTO_HASH_AES_XCBC_HMAC
 
+AEAD algorithms:
+
+* RTE_CRYPTO_AEAD_AES_CCM
+
 Limitations
 -----------
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index fab07cb..d1f268d 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -42,3 +42,6 @@ AES XCBC MAC = Y
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
 ;
 [AEAD]
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
diff --git a/doc/guides/rel_notes/release_18_02.rst b/doc/guides/rel_notes/release_18_02.rst
index 24b67bb..0da12cb 100644
--- a/doc/guides/rel_notes/release_18_02.rst
+++ b/doc/guides/rel_notes/release_18_02.rst
@@ -41,6 +41,11 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the AESNI-MB PMD.**
+
+  The AESNI-MB PMD has been updated with additional support for:
+
+  * AES-CCM algorithm.
 
 API Changes
 -----------
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 7004389..22153fa 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -110,6 +110,15 @@ aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
 			return AESNI_MB_OP_HASH_CIPHER;
 	}
 
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM) {
+			if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+				return AESNI_MB_OP_AEAD_HASH_CIPHER;
+			else
+				return AESNI_MB_OP_AEAD_CIPHER_HASH;
+		}
+	}
+
 	return AESNI_MB_OP_NOT_SUPPORTED;
 }
 
@@ -285,6 +294,78 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
 	return 0;
 }
 
+static int
+aesni_mb_set_session_aead_parameters(const struct aesni_mb_op_fns *mb_ops,
+		struct aesni_mb_session *sess,
+		const struct rte_crypto_sym_xform *xform)
+{
+	aes_keyexp_t aes_keyexp_fn;
+
+	if (xform == NULL) {
+		sess->cipher.mode = NULL_CIPHER;
+		sess->auth.algo = NULL_HASH;
+		return 0;
+	}
+
+	if (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
+		MB_LOG_ERR("Crypto xform struct not of type aead");
+		return -EINVAL;
+	}
+
+	switch (xform->aead.op) {
+	case RTE_CRYPTO_AEAD_OP_ENCRYPT:
+		sess->cipher.direction = ENCRYPT;
+		break;
+	case RTE_CRYPTO_AEAD_OP_DECRYPT:
+		sess->cipher.direction = DECRYPT;
+		break;
+	default:
+		MB_LOG_ERR("Invalid aead operation parameter");
+		return -EINVAL;
+	}
+
+	switch (xform->aead.algo) {
+	case RTE_CRYPTO_AEAD_AES_CCM:
+		sess->cipher.mode = CCM;
+		sess->auth.algo = AES_CCM;
+		break;
+	default:
+		MB_LOG_ERR("Unsupported aead mode parameter");
+		return -ENOTSUP;
+	}
+
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
+	/* Check key length and choose key expansion function for AES */
+
+	switch (xform->aead.key.length) {
+	case AES_128_BYTES:
+		sess->cipher.key_length_in_bytes = AES_128_BYTES;
+		aes_keyexp_fn = mb_ops->aux.keyexp.aes128;
+		break;
+	case AES_192_BYTES:
+		sess->cipher.key_length_in_bytes = AES_192_BYTES;
+		aes_keyexp_fn = mb_ops->aux.keyexp.aes192;
+		break;
+	case AES_256_BYTES:
+		sess->cipher.key_length_in_bytes = AES_256_BYTES;
+		aes_keyexp_fn = mb_ops->aux.keyexp.aes256;
+		break;
+	default:
+		MB_LOG_ERR("Invalid cipher key length");
+		return -EINVAL;
+	}
+
+	/* Expanded cipher keys */
+	(*aes_keyexp_fn)(xform->aead.key.data,
+			sess->cipher.expanded_aes_keys.encode,
+			sess->cipher.expanded_aes_keys.decode);
+
+	return 0;
+}
+
 /** Parse crypto xform chain and set private session parameters */
 int
 aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
@@ -293,6 +374,7 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
 	const struct rte_crypto_sym_xform *cipher_xform = NULL;
+	const struct rte_crypto_sym_xform *aead_xform = NULL;
 	int ret;
 
 	/* Select Crypto operation - hash then cipher / cipher then hash */
@@ -326,6 +408,16 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		auth_xform = NULL;
 		cipher_xform = xform;
 		break;
+	case AESNI_MB_OP_AEAD_CIPHER_HASH:
+		sess->chain_order = CIPHER_HASH;
+		sess->aad_len = xform->aead.aad_length;
+		aead_xform = xform;
+		break;
+	case AESNI_MB_OP_AEAD_HASH_CIPHER:
+		sess->chain_order = HASH_CIPHER;
+		sess->aad_len = xform->aead.aad_length;
+		aead_xform = xform;
+		break;
 	case AESNI_MB_OP_NOT_SUPPORTED:
 	default:
 		MB_LOG_ERR("Unsupported operation chain order parameter");
@@ -348,6 +440,12 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return ret;
 	}
 
+	ret = aesni_mb_set_session_aead_parameters(mb_ops, sess, aead_xform);
+	if (ret != 0) {
+		MB_LOG_ERR("Invalid/unsupported aead parameters");
+		return ret;
+	}
+
 	return 0;
 }
 
@@ -462,6 +560,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		job->_k1_expanded = session->auth.xcbc.k1_expanded;
 		job->_k2 = session->auth.xcbc.k2;
 		job->_k3 = session->auth.xcbc.k3;
+	} else if (job->hash_alg == AES_CCM) {
+		job->u.CCM.aad = op->sym->aead.aad.data;
+		job->u.CCM.aad_len_in_bytes = session->aad_len;
 	} else {
 		job->hashed_auth_key_xor_ipad = session->auth.pads.inner;
 		job->hashed_auth_key_xor_opad = session->auth.pads.outer;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 3b3ef0c..3eb2d7a 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -287,7 +287,36 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-
+	{	/* AES CCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_CCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 2
+				},
+				.aad_size = {
+					.min = 0,
+					.max = 224,
+					.increment = 1
+				},
+				.iv_size = {
+					.min = 7,
+					.max = 13,
+					.increment = 1
+				},
+			}, }
+		}, }
+	},
 
 
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index fe3bd73..7d45295 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -137,6 +137,8 @@ enum aesni_mb_operation {
 	AESNI_MB_OP_CIPHER_HASH,
 	AESNI_MB_OP_HASH_ONLY,
 	AESNI_MB_OP_CIPHER_ONLY,
+	AESNI_MB_OP_AEAD_HASH_CIPHER,
+	AESNI_MB_OP_AEAD_CIPHER_HASH,
 	AESNI_MB_OP_NOT_SUPPORTED
 };
 
@@ -238,6 +240,9 @@ struct aesni_mb_session {
 			/**< Expanded XCBC authentication keys */
 		};
 	} auth;
+
+	/** AAD data length */
+	uint16_t aad_len;
 } __rte_cache_aligned;
 
 
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 1bed65d..36867dc 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -8746,6 +8746,12 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite  = {
 						test_DES_cipheronly_mb_all),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 						test_DES_docsis_mb_all),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_CCM_authenticated_decryption_test_case_128_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_CCM_authenticated_decryption_test_case_128_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_CCM_authenticated_decryption_test_case_128_3),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
-- 
2.9.5



More information about the dev mailing list