crypto/aesni_mb: support AES DOCSIS BPI

Underlying IPSec Multi buffer library implements DOCSIS specification, so this commit adds support for this new feature, which combines AES-CBC for full AES blocks (16 bytes) and AES-CFB for last runt block (less than 16 bytes). Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-02-23 15:06:29 +00:00 · 2017-02-23 15:06:29 +00:00 · c1296f67b0
commit c1296f67b0
parent 1cdeb1c512
9 changed files with 203 additions and 7 deletions
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@ -51,6 +51,7 @@ Cipher algorithms:
 * RTE_CRYPTO_CIPHER_AES128_CTR
 * RTE_CRYPTO_CIPHER_AES192_CTR
 * RTE_CRYPTO_CIPHER_AES256_CTR
+* RTE_CRYPTO_CIPHER_AES_DOCSISBPI

 Hash algorithms:

--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@ -16,13 +16,13 @@ CPU AESNI              = Y
 ; Supported crypto algorithms of the 'aesni_mb' crypto driver.
 ;
 [Cipher]
-AES CBC (128) = Y
-AES CBC (192) = Y
-AES CBC (256) = Y
-AES CTR (128) = Y
-AES CTR (192) = Y
-AES CTR (256) = Y
-
+AES CBC (128)  = Y
+AES CBC (192)  = Y
+AES CBC (256)  = Y
+AES CTR (128)  = Y
+AES CTR (192)  = Y
+AES CTR (256)  = Y
+AES DOCSIS BPI = Y
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
 ;
--- a/doc/guides/rel_notes/release_17_05.rst
+++ b/doc/guides/rel_notes/release_17_05.rst
@ -245,6 +245,12 @@ New Features
    primary slave first. Then, any operation that cannot be enqueued is
    enqueued to a secondary slave.

+* **Updated the AESNI MB PMD.**
+
+  The AESNI MB PMD has been updated with additional support for:
+
+  * AES DOCSIS BPI algorithm.
+
 Resolved Issues
 ---------------

--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@ -218,6 +218,9 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 		sess->cipher.mode = CNTR;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
+		sess->cipher.mode = DOCSIS_SEC_BPI;
+		break;
 	default:
 		MB_LOG_ERR("Unsupported cipher mode parameter");
 		return -1;
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@ -227,6 +227,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES DOCSIS BPI */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };

--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@ -1531,6 +1531,22 @@ test_AES_cipheronly_mb_all(void)
 	return TEST_SUCCESS;
 }

+static int
+test_AES_docsis_mb_all(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	int status;
+
+	status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+		ts_params->op_mpool, ts_params->valid_devs[0],
+		RTE_CRYPTODEV_AESNI_MB_PMD,
+		BLKCIPHER_AES_DOCSIS_TYPE);
+
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	return TEST_SUCCESS;
+}
+
 static int
 test_authonly_mb_all(void)
 {
@ -7673,6 +7689,7 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite  = {
 	.unit_test_cases = {
 		TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_AES_docsis_mb_all),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),

 		TEST_CASES_END() /**< NULL terminate unit test array */
--- a/test/test/test_cryptodev_aes_test_vectors.h
+++ b/test/test/test_cryptodev_aes_test_vectors.h
@ -56,6 +56,26 @@ static const uint8_t ciphertext64_aes128ctr[] = {
 	0x79, 0x21, 0x70, 0xA0, 0xF3, 0x00, 0x9C, 0xEE
 };

+static const uint8_t plaintext_aes_docsis_bpi_cfb[] = {
+	0x00, 0x01, 0x02, 0x88, 0xEE, 0x59, 0x7E
+};
+
+static const uint8_t ciphertext_aes_docsis_bpi_cfb[] = {
+	0xFC, 0x68, 0xA3, 0x55, 0x60, 0x37, 0xDC
+};
+
+static const uint8_t plaintext_aes_docsis_bpi_cbc_cfb[] = {
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+	0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x91,
+	0xD2, 0xD1, 0x9F
+};
+
+static const uint8_t ciphertext_aes_docsis_bpi_cbc_cfb[] = {
+	0x9D, 0xD1, 0x67, 0x4B, 0xBA, 0x61, 0x10, 0x1B,
+	0x56, 0x75, 0x64, 0x74, 0x36, 0x4F, 0x10, 0x1D,
+	0x44, 0xD4, 0x73
+};
+
 static const uint8_t plaintext_aes192ctr[] = {
 	0x01, 0x0F, 0x10, 0x1F, 0x20, 0x1C, 0x0E, 0xB8,
 	0xFB, 0x5C, 0xCD, 0xCC, 0x1F, 0xF9, 0xAF, 0x0B,
@ -917,6 +937,89 @@ static const struct blockcipher_test_data aes_test_data_13 = {
 	}
 };

+/* AES-DOCSIS-BPI test vectors */
+
+/* Multiple of AES block size */
+static const struct blockcipher_test_data aes_test_data_docsis_1 = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common,
+		.len = 512
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes128cbc,
+		.len = 512
+	}
+};
+
+/* Less than AES block size */
+static const struct blockcipher_test_data aes_test_data_docsis_2 = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+	.cipher_key = {
+		.data = {
+			0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB,
+			0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A,
+			0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_docsis_bpi_cfb,
+		.len = 7
+	},
+	.ciphertext = {
+		.data = ciphertext_aes_docsis_bpi_cfb,
+		.len = 7
+	}
+};
+
+/* Not multiple of AES block size */
+static const struct blockcipher_test_data aes_test_data_docsis_3 = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+	.cipher_key = {
+		.data = {
+			0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB,
+			0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A,
+			0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_docsis_bpi_cbc_cfb,
+		.len = 19
+	},
+	.ciphertext = {
+		.data = ciphertext_aes_docsis_bpi_cbc_cfb,
+		.len = 19
+	}
+};
+
 static const struct blockcipher_test_case aes_chain_test_cases[] = {
 	{
 		.test_descr = "AES-128-CTR HMAC-SHA1 Encryption Digest",
@ -1330,4 +1433,43 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
 	},
 };

+static const struct blockcipher_test_case aes_docsis_test_cases[] = {
+
+	{
+		.test_descr = "AES-DOCSIS-BPI Full Block Encryption",
+		.test_data = &aes_test_data_docsis_1,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+	},
+	{
+		.test_descr = "AES-DOCSIS-BPI Runt Block Encryption",
+		.test_data = &aes_test_data_docsis_2,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+	},
+	{
+		.test_descr = "AES-DOCSIS-BPI Uneven Encryption",
+		.test_data = &aes_test_data_docsis_3,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+	},
+	{
+		.test_descr = "AES-DOCSIS-BPI Full Block Decryption",
+		.test_data = &aes_test_data_docsis_1,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+	},
+	{
+		.test_descr = "AES-DOCSIS-BPI Runt Block Decryption",
+		.test_data = &aes_test_data_docsis_2,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+	},
+	{
+		.test_descr = "AES-DOCSIS-BPI Uneven Decryption",
+		.test_data = &aes_test_data_docsis_3,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+	}
+};
 #endif /* TEST_CRYPTODEV_AES_TEST_VECTORS_H_ */
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@ -613,6 +613,11 @@ test_blockcipher_all_tests(struct rte_mempool *mbuf_pool,
 		sizeof(aes_cipheronly_test_cases[0]);
 		tcs = aes_cipheronly_test_cases;
 		break;
+	case BLKCIPHER_AES_DOCSIS_TYPE:
+		n_test_cases = sizeof(aes_docsis_test_cases) /
+		sizeof(aes_docsis_test_cases[0]);
+		tcs = aes_docsis_test_cases;
+		break;
 	case BLKCIPHER_3DES_CHAIN_TYPE:
 		n_test_cases = sizeof(triple_des_chain_test_cases) /
 		sizeof(triple_des_chain_test_cases[0]);
--- a/test/test/test_cryptodev_blockcipher.h
+++ b/test/test/test_cryptodev_blockcipher.h
@ -68,6 +68,7 @@
 enum blockcipher_test_type {
 	BLKCIPHER_AES_CHAIN_TYPE,	/* use aes_chain_test_cases[] */
 	BLKCIPHER_AES_CIPHERONLY_TYPE,	/* use aes_cipheronly_test_cases[] */
+	BLKCIPHER_AES_DOCSIS_TYPE,	/* use aes_docsis_test_cases[] */
 	BLKCIPHER_3DES_CHAIN_TYPE,	/* use triple_des_chain_test_cases[] */
 	BLKCIPHER_3DES_CIPHERONLY_TYPE,	/* triple_des_cipheronly_test_cases[] */
 	BLKCIPHER_AUTHONLY_TYPE,	/* use hash_test_cases[] */