From c1296f67b0e045e4e700273ddb3768f9a7b3b520 Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Thu, 23 Feb 2017 15:06:29 +0000 Subject: [PATCH] crypto/aesni_mb: support AES DOCSIS BPI Underlying IPSec Multi buffer library implements DOCSIS specification, so this commit adds support for this new feature, which combines AES-CBC for full AES blocks (16 bytes) and AES-CFB for last runt block (less than 16 bytes). Signed-off-by: Pablo de Lara Acked-by: Declan Doherty --- doc/guides/cryptodevs/aesni_mb.rst | 1 + doc/guides/cryptodevs/features/aesni_mb.ini | 14 +- doc/guides/rel_notes/release_17_05.rst | 6 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 3 + .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 21 +++ test/test/test_cryptodev.c | 17 +++ test/test/test_cryptodev_aes_test_vectors.h | 142 ++++++++++++++++++ test/test/test_cryptodev_blockcipher.c | 5 + test/test/test_cryptodev_blockcipher.h | 1 + 9 files changed, 203 insertions(+), 7 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index f4c0b4821f..1a04023259 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -51,6 +51,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_AES128_CTR * RTE_CRYPTO_CIPHER_AES192_CTR * RTE_CRYPTO_CIPHER_AES256_CTR +* RTE_CRYPTO_CIPHER_AES_DOCSISBPI Hash algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 0bc202c932..03d8485da3 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -16,13 +16,13 @@ CPU AESNI = Y ; Supported crypto algorithms of the 'aesni_mb' crypto driver. ; [Cipher] -AES CBC (128) = Y -AES CBC (192) = Y -AES CBC (256) = Y -AES CTR (128) = Y -AES CTR (192) = Y -AES CTR (256) = Y - +AES CBC (128) = Y +AES CBC (192) = Y +AES CBC (256) = Y +AES CTR (128) = Y +AES CTR (192) = Y +AES CTR (256) = Y +AES DOCSIS BPI = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. ; diff --git a/doc/guides/rel_notes/release_17_05.rst b/doc/guides/rel_notes/release_17_05.rst index f1ac7bff41..fcc7faa06a 100644 --- a/doc/guides/rel_notes/release_17_05.rst +++ b/doc/guides/rel_notes/release_17_05.rst @@ -245,6 +245,12 @@ New Features primary slave first. Then, any operation that cannot be enqueued is enqueued to a secondary slave. +* **Updated the AESNI MB PMD.** + + The AESNI MB PMD has been updated with additional support for: + + * AES DOCSIS BPI algorithm. + Resolved Issues --------------- diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 0fab81ef56..be15d2282d 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -218,6 +218,9 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops, case RTE_CRYPTO_CIPHER_AES_CTR: sess->cipher.mode = CNTR; break; + case RTE_CRYPTO_CIPHER_AES_DOCSISBPI: + sess->cipher.mode = DOCSIS_SEC_BPI; + break; default: MB_LOG_ERR("Unsupported cipher mode parameter"); return -1; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index ec13c563a3..d1bc28e030 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -227,6 +227,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 6fe5362f2a..493518d1e7 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -1531,6 +1531,22 @@ test_AES_cipheronly_mb_all(void) return TEST_SUCCESS; } +static int +test_AES_docsis_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, ts_params->valid_devs[0], + RTE_CRYPTODEV_AESNI_MB_PMD, + BLKCIPHER_AES_DOCSIS_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + static int test_authonly_mb_all(void) { @@ -7673,6 +7689,7 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { .unit_test_cases = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_docsis_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all), TEST_CASES_END() /**< NULL terminate unit test array */ diff --git a/test/test/test_cryptodev_aes_test_vectors.h b/test/test/test_cryptodev_aes_test_vectors.h index f3fbef1aeb..aacabab09c 100644 --- a/test/test/test_cryptodev_aes_test_vectors.h +++ b/test/test/test_cryptodev_aes_test_vectors.h @@ -56,6 +56,26 @@ static const uint8_t ciphertext64_aes128ctr[] = { 0x79, 0x21, 0x70, 0xA0, 0xF3, 0x00, 0x9C, 0xEE }; +static const uint8_t plaintext_aes_docsis_bpi_cfb[] = { + 0x00, 0x01, 0x02, 0x88, 0xEE, 0x59, 0x7E +}; + +static const uint8_t ciphertext_aes_docsis_bpi_cfb[] = { + 0xFC, 0x68, 0xA3, 0x55, 0x60, 0x37, 0xDC +}; + +static const uint8_t plaintext_aes_docsis_bpi_cbc_cfb[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x91, + 0xD2, 0xD1, 0x9F +}; + +static const uint8_t ciphertext_aes_docsis_bpi_cbc_cfb[] = { + 0x9D, 0xD1, 0x67, 0x4B, 0xBA, 0x61, 0x10, 0x1B, + 0x56, 0x75, 0x64, 0x74, 0x36, 0x4F, 0x10, 0x1D, + 0x44, 0xD4, 0x73 +}; + static const uint8_t plaintext_aes192ctr[] = { 0x01, 0x0F, 0x10, 0x1F, 0x20, 0x1C, 0x0E, 0xB8, 0xFB, 0x5C, 0xCD, 0xCC, 0x1F, 0xF9, 0xAF, 0x0B, @@ -917,6 +937,89 @@ static const struct blockcipher_test_data aes_test_data_13 = { } }; +/* AES-DOCSIS-BPI test vectors */ + +/* Multiple of AES block size */ +static const struct blockcipher_test_data aes_test_data_docsis_1 = { + .crypto_algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .cipher_key = { + .data = { + 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2, + 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A + }, + .len = 16 + }, + .iv = { + .data = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }, + .len = 16 + }, + .plaintext = { + .data = plaintext_aes_common, + .len = 512 + }, + .ciphertext = { + .data = ciphertext512_aes128cbc, + .len = 512 + } +}; + +/* Less than AES block size */ +static const struct blockcipher_test_data aes_test_data_docsis_2 = { + .crypto_algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .cipher_key = { + .data = { + 0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB, + 0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB + }, + .len = 16 + }, + .iv = { + .data = { + 0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A, + 0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A + }, + .len = 16 + }, + .plaintext = { + .data = plaintext_aes_docsis_bpi_cfb, + .len = 7 + }, + .ciphertext = { + .data = ciphertext_aes_docsis_bpi_cfb, + .len = 7 + } +}; + +/* Not multiple of AES block size */ +static const struct blockcipher_test_data aes_test_data_docsis_3 = { + .crypto_algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .cipher_key = { + .data = { + 0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB, + 0xE6, 0x60, 0x0F, 0xD8, 0x85, 0x2E, 0xF5, 0xAB + }, + .len = 16 + }, + .iv = { + .data = { + 0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A, + 0x81, 0x0E, 0x52, 0x8E, 0x1C, 0x5F, 0xDA, 0x1A + }, + .len = 16 + }, + .plaintext = { + .data = plaintext_aes_docsis_bpi_cbc_cfb, + .len = 19 + }, + .ciphertext = { + .data = ciphertext_aes_docsis_bpi_cbc_cfb, + .len = 19 + } +}; + static const struct blockcipher_test_case aes_chain_test_cases[] = { { .test_descr = "AES-128-CTR HMAC-SHA1 Encryption Digest", @@ -1330,4 +1433,43 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = { }, }; +static const struct blockcipher_test_case aes_docsis_test_cases[] = { + + { + .test_descr = "AES-DOCSIS-BPI Full Block Encryption", + .test_data = &aes_test_data_docsis_1, + .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, + { + .test_descr = "AES-DOCSIS-BPI Runt Block Encryption", + .test_data = &aes_test_data_docsis_2, + .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, + { + .test_descr = "AES-DOCSIS-BPI Uneven Encryption", + .test_data = &aes_test_data_docsis_3, + .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, + { + .test_descr = "AES-DOCSIS-BPI Full Block Decryption", + .test_data = &aes_test_data_docsis_1, + .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, + { + .test_descr = "AES-DOCSIS-BPI Runt Block Decryption", + .test_data = &aes_test_data_docsis_2, + .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, + { + .test_descr = "AES-DOCSIS-BPI Uneven Decryption", + .test_data = &aes_test_data_docsis_3, + .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + } +}; #endif /* TEST_CRYPTODEV_AES_TEST_VECTORS_H_ */ diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c index da87368a78..9d39b7d761 100644 --- a/test/test/test_cryptodev_blockcipher.c +++ b/test/test/test_cryptodev_blockcipher.c @@ -613,6 +613,11 @@ test_blockcipher_all_tests(struct rte_mempool *mbuf_pool, sizeof(aes_cipheronly_test_cases[0]); tcs = aes_cipheronly_test_cases; break; + case BLKCIPHER_AES_DOCSIS_TYPE: + n_test_cases = sizeof(aes_docsis_test_cases) / + sizeof(aes_docsis_test_cases[0]); + tcs = aes_docsis_test_cases; + break; case BLKCIPHER_3DES_CHAIN_TYPE: n_test_cases = sizeof(triple_des_chain_test_cases) / sizeof(triple_des_chain_test_cases[0]); diff --git a/test/test/test_cryptodev_blockcipher.h b/test/test/test_cryptodev_blockcipher.h index 053aaa1cda..6e3712114a 100644 --- a/test/test/test_cryptodev_blockcipher.h +++ b/test/test/test_cryptodev_blockcipher.h @@ -68,6 +68,7 @@ enum blockcipher_test_type { BLKCIPHER_AES_CHAIN_TYPE, /* use aes_chain_test_cases[] */ BLKCIPHER_AES_CIPHERONLY_TYPE, /* use aes_cipheronly_test_cases[] */ + BLKCIPHER_AES_DOCSIS_TYPE, /* use aes_docsis_test_cases[] */ BLKCIPHER_3DES_CHAIN_TYPE, /* use triple_des_chain_test_cases[] */ BLKCIPHER_3DES_CIPHERONLY_TYPE, /* triple_des_cipheronly_test_cases[] */ BLKCIPHER_AUTHONLY_TYPE, /* use hash_test_cases[] */