[dpdk-dev] [PATCH v4] crypto/aesni_mb: support plain SHA

Fan Zhang roy.fan.zhang at intel.com
Thu Dec 20 13:22:15 CET 2018


This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512
algorithms support to AESNI-MB PMD. The cryptodev unit test and
documentation are updated accordingly.

This patch depends on "[v6] crypto/aesni_mb: support AES-GMAC"
(http://patchwork.dpdk.org/patch/49180/)

Signed-off-by: Damian Nowak <damianx.nowak at intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak at intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
---
v4:
- combined patches into one.
- changed title.

v3:
- rebased on top of latest code.
- avoided test for unsupported library versions.

v2:
- added implementation.

 doc/guides/cryptodevs/aesni_mb.rst                 |   6 ++
 doc/guides/rel_notes/release_19_02.rst             |   2 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |  25 +++++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     | 105 +++++++++++++++++++++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   7 ++
 test/test/test_cryptodev_hash_test_vectors.h       |  65 ++++++++++++-
 6 files changed, 205 insertions(+), 5 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 98082595d..26cb4d5b2 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -41,6 +41,11 @@ Hash algorithms:
 * RTE_CRYPTO_HASH_AES_XCBC_HMAC
 * RTE_CRYPTO_HASH_AES_CMAC
 * RTE_CRYPTO_HASH_AES_GMAC
+* RTE_CRYPTO_HASH_SHA1
+* RTE_CRYPTO_HASH_SHA224
+* RTE_CRYPTO_HASH_SHA256
+* RTE_CRYPTO_HASH_SHA384
+* RTE_CRYPTO_HASH_SHA512
 
 AEAD algorithms:
 
@@ -53,6 +58,7 @@ Limitations
 * Chained mbufs are not supported.
 * Only in-place is currently supported (destination address is the same as source address).
 * RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later.
+* RTE_CRYPTO_HASH_SHA* is supported by library version v0.52 or later.
 
 
 Installation
diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst
index 3f513a914..104b3a8c7 100644
--- a/doc/guides/rel_notes/release_19_02.rst
+++ b/doc/guides/rel_notes/release_19_02.rst
@@ -66,8 +66,10 @@ New Features
   compression ratio and compression throughput.
 
 * **updated the AESNI-MB PMD.**
+
   * Added support for intel-ipsec-mb version 0.52.
   * Added AES-GMAC algorithm support.
+  * Added Plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support.
 
 
 Removed Items
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index d34cbc36a..4e31735ca 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -107,6 +107,7 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 	hash_one_block_t hash_oneblock_fn;
 	unsigned int key_larger_block_size = 0;
 	uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
+	uint32_t auth_precompute = 1;
 
 	if (xform == NULL) {
 		sess->auth.algo = NULL_HASH;
@@ -237,6 +238,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			key_larger_block_size = 1;
 		}
 		break;
+	case RTE_CRYPTO_AUTH_SHA1:
+		sess->auth.algo = PLAIN_SHA1;
+		auth_precompute = 0;
+		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
 		sess->auth.algo = SHA_224;
 		hash_oneblock_fn = mb_mgr->sha224_one_block;
@@ -248,6 +253,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			key_larger_block_size = 1;
 		}
 		break;
+	case RTE_CRYPTO_AUTH_SHA224:
+		sess->auth.algo = PLAIN_SHA_224;
+		auth_precompute = 0;
+		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		sess->auth.algo = SHA_256;
 		hash_oneblock_fn = mb_mgr->sha256_one_block;
@@ -259,6 +268,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			key_larger_block_size = 1;
 		}
 		break;
+	case RTE_CRYPTO_AUTH_SHA256:
+		sess->auth.algo = PLAIN_SHA_256;
+		auth_precompute = 0;
+		break;
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
 		sess->auth.algo = SHA_384;
 		hash_oneblock_fn = mb_mgr->sha384_one_block;
@@ -270,6 +283,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			key_larger_block_size = 1;
 		}
 		break;
+	case RTE_CRYPTO_AUTH_SHA384:
+		sess->auth.algo = PLAIN_SHA_384;
+		auth_precompute = 0;
+		break;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.algo = SHA_512;
 		hash_oneblock_fn = mb_mgr->sha512_one_block;
@@ -281,6 +298,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			key_larger_block_size = 1;
 		}
 		break;
+	case RTE_CRYPTO_AUTH_SHA512:
+		sess->auth.algo = PLAIN_SHA_512;
+		auth_precompute = 0;
+		break;
 	default:
 		AESNI_MB_LOG(ERR, "Unsupported authentication algorithm selection");
 		return -ENOTSUP;
@@ -302,6 +323,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 	else
 		sess->auth.gen_digest_len = sess->auth.req_digest_len;
 
+	/* Plain SHA does not require precompute key */
+	if (auth_precompute == 0)
+		return 0;
+
 	/* Calculate Authentication precomputes */
 	if (key_larger_block_size) {
 		calculate_auth_precomputes(hash_oneblock_fn,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 56d409b4b..c90f6baa3 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -54,6 +54,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA1 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA1,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 20,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA224 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -75,6 +96,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA224 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA224,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 28,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA256 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -96,6 +138,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA256 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA256,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA384 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -117,6 +180,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA384 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA384,
+				.block_size = 128,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 48,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA512 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -138,6 +222,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA512  */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA512,
+				.block_size = 128,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 64,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* AES XCBC HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index d61abfe4f..cdbe7f520 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -109,6 +109,13 @@ static const unsigned auth_digest_byte_lengths[] = {
 		[AES_CMAC]	= 16,
 		[AES_GMAC]	= 12,
 		[NULL_HASH]	= 0,
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0)
+		[PLAIN_SHA1]	= 20,
+		[PLAIN_SHA_224]	= 28,
+		[PLAIN_SHA_256]	= 32,
+		[PLAIN_SHA_384]	= 48,
+		[PLAIN_SHA_512]	= 64
+#endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
 };
diff --git a/test/test/test_cryptodev_hash_test_vectors.h b/test/test/test_cryptodev_hash_test_vectors.h
index 8964a3bac..21bf347f6 100644
--- a/test/test/test_cryptodev_hash_test_vectors.h
+++ b/test/test/test_cryptodev_hash_test_vectors.h
@@ -96,7 +96,8 @@ sha1_test_vector = {
 			0x35, 0x62, 0xFB, 0xFA, 0x93, 0xFD, 0x7D, 0x70,
 			0xA6, 0x7D, 0x45, 0xCA
 		},
-		.len = 20
+		.len = 20,
+		.truncated_len = 20
 	}
 };
 
@@ -140,7 +141,8 @@ sha224_test_vector = {
 			0x39, 0x26, 0xDF, 0xB5, 0x78, 0x62, 0xB2, 0x6E,
 			0x5E, 0x8F, 0x25, 0x84
 		},
-		.len = 28
+		.len = 28,
+		.truncated_len = 28
 	}
 };
 
@@ -186,7 +188,8 @@ sha256_test_vector = {
 			0x1F, 0xC7, 0x84, 0xEE, 0x76, 0xA6, 0x39, 0x15,
 			0x76, 0x2F, 0x87, 0xF9, 0x01, 0x06, 0xF3, 0xB7
 		},
-		.len = 32
+		.len = 32,
+		.truncated_len = 32
 	}
 };
 
@@ -234,7 +237,8 @@ sha384_test_vector = {
 			0xAD, 0x41, 0xAB, 0x15, 0xB0, 0x03, 0x15, 0xEC,
 			0x9E, 0x3D, 0xED, 0xCB, 0x80, 0x7B, 0xF4, 0xB6
 		},
-		.len = 48
+		.len = 48,
+		.truncated_len = 48
 	}
 };
 
@@ -288,7 +292,8 @@ sha512_test_vector = {
 			0x64, 0x4E, 0x15, 0x68, 0x12, 0x67, 0x26, 0x0F,
 			0x2C, 0x3C, 0x83, 0x25, 0x27, 0x86, 0xF0, 0xDB
 		},
-		.len = 64
+		.len = 64,
+		.truncated_len = 64
 	}
 };
 
@@ -428,7 +433,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "SHA1 Digest Verify",
@@ -437,7 +447,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "HMAC-SHA1 Digest",
@@ -496,7 +511,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "SHA224 Digest Verify",
@@ -505,7 +525,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "HMAC-SHA224 Digest",
@@ -542,7 +567,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "SHA256 Digest Verify",
@@ -551,7 +581,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "HMAC-SHA256 Digest",
@@ -590,7 +625,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "SHA384 Digest Verify",
@@ -599,7 +639,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "HMAC-SHA384 Digest",
@@ -638,7 +683,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "SHA512 Digest Verify",
@@ -647,7 +697,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
 			    BLOCKCIPHER_TEST_TARGET_PMD_CCP |
 			    BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
 			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+			    BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+			    BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
 	},
 	{
 		.test_descr = "HMAC-SHA512 Digest",
-- 
2.13.6



More information about the dev mailing list