Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/49151/?format=api
{ "id": 49151, "url": "http://patches.dpdk.org/api/patches/49151/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20181219220431.57710-2-roy.fan.zhang@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20181219220431.57710-2-roy.fan.zhang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20181219220431.57710-2-roy.fan.zhang@intel.com", "date": "2018-12-19T22:04:29", "name": "[v5,1/3] crypto/aesni_mb: add gmac support", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "9ffc58255a4b9e15437bde95676c805a9ecb8c2b", "submitter": { "id": 304, "url": "http://patches.dpdk.org/api/people/304/?format=api", "name": "Fan Zhang", "email": "roy.fan.zhang@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20181219220431.57710-2-roy.fan.zhang@intel.com/mbox/", "series": [ { "id": 2883, "url": "http://patches.dpdk.org/api/series/2883/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=2883", "date": "2018-12-19T22:04:28", "name": "crypto/aesni_mb: add gmac support", "version": 5, "mbox": "http://patches.dpdk.org/series/2883/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/49151/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/49151/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 6ECD51B943;\n\tWed, 19 Dec 2018 23:04:39 +0100 (CET)", "from mga09.intel.com (mga09.intel.com [134.134.136.24])\n\tby dpdk.org (Postfix) with ESMTP id AEE441B8D0\n\tfor <dev@dpdk.org>; Wed, 19 Dec 2018 23:04:34 +0100 (CET)", "from fmsmga004.fm.intel.com ([10.253.24.48])\n\tby orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t19 Dec 2018 14:04:34 -0800", "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.54])\n\tby fmsmga004.fm.intel.com with ESMTP; 19 Dec 2018 14:04:33 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.56,374,1539673200\"; d=\"scan'208\";a=\"129281759\"", "From": "Fan Zhang <roy.fan.zhang@intel.com>", "To": "dev@dpdk.org", "Cc": "akhil.goyal@nxp.com", "Date": "Wed, 19 Dec 2018 22:04:29 +0000", "Message-Id": "<20181219220431.57710-2-roy.fan.zhang@intel.com>", "X-Mailer": "git-send-email 2.13.6", "In-Reply-To": "<20181219220431.57710-1-roy.fan.zhang@intel.com>", "References": "<20181219214244.21234-1-roy.fan.zhang@intel.com>\n\t<20181219220431.57710-1-roy.fan.zhang@intel.com>", "Subject": "[dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: add gmac support", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "This patch updates the AESNI-MB PMD to add AES-GMAC support.\n\nSigned-off-by: Fan Zhang <roy.fan.zhang@intel.com>\nAcked-by: Damian Nowak <damianx.nowak@intel.com>\n---\n drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++-----\n drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c | 127 ++++++++++++++++-----\n drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++\n .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c | 25 ++++\n 4 files changed, 250 insertions(+), 53 deletions(-)", "diff": "diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c\nindex 2c25b7b32..d34cbc36a 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c\n@@ -173,6 +173,54 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,\n \t\treturn 0;\n \t}\n \n+\tif (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {\n+\t\tif (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {\n+\t\t\tsess->cipher.direction = ENCRYPT;\n+\t\t\tsess->chain_order = CIPHER_HASH;\n+\t\t} else\n+\t\t\tsess->cipher.direction = DECRYPT;\n+\n+\t\tsess->auth.algo = AES_GMAC;\n+\t\t/*\n+\t\t * Multi-buffer lib supports 8, 12 and 16 bytes of digest.\n+\t\t * If size requested is different, generate the full digest\n+\t\t * (16 bytes) in a temporary location and then memcpy\n+\t\t * the requested number of bytes.\n+\t\t */\n+\t\tif (sess->auth.req_digest_len != 16 &&\n+\t\t\t\tsess->auth.req_digest_len != 12 &&\n+\t\t\t\tsess->auth.req_digest_len != 8) {\n+\t\t\tsess->auth.gen_digest_len = 16;\n+\t\t} else {\n+\t\t\tsess->auth.gen_digest_len = sess->auth.req_digest_len;\n+\t\t}\n+\t\tsess->iv.length = xform->auth.iv.length;\n+\t\tsess->iv.offset = xform->auth.iv.offset;\n+\n+\t\tswitch (xform->auth.key.length) {\n+\t\tcase AES_128_BYTES:\n+\t\t\tIMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,\n+\t\t\t\t&sess->cipher.gcm_key);\n+\t\t\tsess->cipher.key_length_in_bytes = AES_128_BYTES;\n+\t\t\tbreak;\n+\t\tcase AES_192_BYTES:\n+\t\t\tIMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,\n+\t\t\t\t&sess->cipher.gcm_key);\n+\t\t\tsess->cipher.key_length_in_bytes = AES_192_BYTES;\n+\t\t\tbreak;\n+\t\tcase AES_256_BYTES:\n+\t\t\tIMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,\n+\t\t\t\t&sess->cipher.gcm_key);\n+\t\t\tsess->cipher.key_length_in_bytes = AES_256_BYTES;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tRTE_LOG(ERR, PMD, \"failed to parse test type\\n\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\treturn 0;\n+\t}\n+\n \tswitch (xform->auth.algo) {\n \tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n \t\tsess->auth.algo = MD5;\n@@ -735,8 +783,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\tbreak;\n \n \tcase AES_GMAC:\n-\t\tjob->u.GCM.aad = op->sym->aead.aad.data;\n-\t\tjob->u.GCM.aad_len_in_bytes = session->aead.aad_len;\n+\t\tif (session->cipher.mode == GCM) {\n+\t\t\tjob->u.GCM.aad = op->sym->aead.aad.data;\n+\t\t\tjob->u.GCM.aad_len_in_bytes = session->aead.aad_len;\n+\t\t} else {\n+\t\t\t/* For GMAC */\n+\t\t\tjob->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,\n+\t\t\t\t\tuint8_t *, op->sym->auth.data.offset);\n+\t\t\tjob->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;\n+\t\t\tjob->cipher_mode = GCM;\n+\t\t}\n \t\tjob->aes_enc_key_expanded = &session->cipher.gcm_key;\n \t\tjob->aes_dec_key_expanded = &session->cipher.gcm_key;\n \t\tbreak;\n@@ -776,7 +832,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\t\t\trte_pktmbuf_data_len(op->sym->m_src));\n \t} else {\n \t\tm_dst = m_src;\n-\t\tif (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)\n+\t\tif (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&\n+\t\t\t\tsession->cipher.mode == GCM))\n \t\t\tm_offset = op->sym->aead.data.offset;\n \t\telse\n \t\t\tm_offset = op->sym->cipher.data.offset;\n@@ -788,7 +845,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\tjob->auth_tag_output = qp->temp_digests[*digest_idx];\n \t\t*digest_idx = (*digest_idx + 1) % MAX_JOBS;\n \t} else {\n-\t\tif (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)\n+\t\tif (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&\n+\t\t\t\tsession->cipher.mode == GCM))\n \t\t\tjob->auth_tag_output = op->sym->aead.digest.data;\n \t\telse\n \t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n@@ -826,11 +884,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\tbreak;\n \n \tcase AES_GMAC:\n-\t\tjob->cipher_start_src_offset_in_bytes =\n-\t\t\t\top->sym->aead.data.offset;\n-\t\tjob->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;\n-\t\tjob->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;\n-\t\tjob->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes;\n+\t\tif (session->cipher.mode == GCM) {\n+\t\t\tjob->cipher_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->aead.data.offset;\n+\t\t\tjob->hash_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->aead.data.offset;\n+\t\t\tjob->msg_len_to_cipher_in_bytes =\n+\t\t\t\t\top->sym->aead.data.length;\n+\t\t\tjob->msg_len_to_hash_in_bytes =\n+\t\t\t\t\top->sym->aead.data.length;\n+\t\t} else {\n+\t\t\tjob->cipher_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->auth.data.offset;\n+\t\t\tjob->hash_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->auth.data.offset;\n+\t\t\tjob->msg_len_to_cipher_in_bytes = 0;\n+\t\t\tjob->msg_len_to_hash_in_bytes = 0;\n+\t\t}\n+\n \t\tjob->iv = rte_crypto_op_ctod_offset(op, uint8_t *,\n \t\t\t\tsession->iv.offset);\n \t\tbreak;\n@@ -854,19 +925,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n }\n \n static inline void\n-verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op,\n-\t\tstruct aesni_mb_session *sess)\n+verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status)\n {\n \t/* Verify digest if required */\n-\tif (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) {\n-\t\tif (memcmp(job->auth_tag_output, op->sym->aead.digest.data,\n-\t\t\t\tsess->auth.req_digest_len) != 0)\n-\t\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n-\t} else {\n-\t\tif (memcmp(job->auth_tag_output, op->sym->auth.digest.data,\n-\t\t\t\tsess->auth.req_digest_len) != 0)\n-\t\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n-\t}\n+\tif (memcmp(job->auth_tag_output, digest, len) != 0)\n+\t\t*status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n }\n \n static inline void\n@@ -908,13 +971,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)\n \t\tcase STS_COMPLETED:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n \n-\t\t\tif (job->hash_alg != NULL_HASH) {\n-\t\t\t\tif (sess->auth.operation ==\n-\t\t\t\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY)\n-\t\t\t\t\tverify_digest(job, op, sess);\n+\t\t\tif (job->hash_alg == NULL_HASH)\n+\t\t\t\tbreak;\n+\n+\t\t\tif (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {\n+\t\t\t\tif (job->hash_alg == AES_CCM ||\n+\t\t\t\t\t(job->hash_alg == AES_GMAC &&\n+\t\t\t\t\t\tsess->cipher.mode == GCM))\n+\t\t\t\t\tverify_digest(job,\n+\t\t\t\t\t\top->sym->aead.digest.data,\n+\t\t\t\t\t\tsess->auth.req_digest_len,\n+\t\t\t\t\t\t&op->status);\n \t\t\t\telse\n-\t\t\t\t\tgenerate_digest(job, op, sess);\n-\t\t\t}\n+\t\t\t\t\tverify_digest(job,\n+\t\t\t\t\t\top->sym->auth.digest.data,\n+\t\t\t\t\t\tsess->auth.req_digest_len,\n+\t\t\t\t\t\t&op->status);\n+\t\t\t} else\n+\t\t\t\tgenerate_digest(job, op, sess);\n \t\t\tbreak;\n \t\tdefault:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\ndiff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c\nindex 83250e32c..56ce54946 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c\n@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops,\n \t\treturn 0;\n \t}\n \n+\tif (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {\n+\t\tif (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {\n+\t\t\tsess->cipher.direction = ENCRYPT;\n+\t\t\tsess->chain_order = CIPHER_HASH;\n+\t\t} else\n+\t\t\tsess->cipher.direction = DECRYPT;\n+\n+\t\tsess->auth.algo = AES_GMAC;\n+\t\t/*\n+\t\t * Multi-buffer lib supports 8, 12 and 16 bytes of digest.\n+\t\t * If size requested is different, generate the full digest\n+\t\t * (16 bytes) in a temporary location and then memcpy\n+\t\t * the requested number of bytes.\n+\t\t */\n+\t\tif (sess->auth.req_digest_len != 16 &&\n+\t\t\t\tsess->auth.req_digest_len != 12 &&\n+\t\t\t\tsess->auth.req_digest_len != 8) {\n+\t\t\tsess->auth.gen_digest_len = 16;\n+\t\t} else {\n+\t\t\tsess->auth.gen_digest_len = sess->auth.req_digest_len;\n+\t\t}\n+\t\tsess->iv.length = xform->auth.iv.length;\n+\t\tsess->iv.offset = xform->auth.iv.offset;\n+\n+\t\tswitch (xform->auth.key.length) {\n+\t\tcase AES_128_BYTES:\n+\t\t\tsess->cipher.key_length_in_bytes = AES_128_BYTES;\n+\t\t\t(mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data,\n+\t\t\t\t&sess->cipher.gcm_key);\n+\t\t\tbreak;\n+\t\tcase AES_192_BYTES:\n+\t\t\tsess->cipher.key_length_in_bytes = AES_192_BYTES;\n+\t\t\t(mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data,\n+\t\t\t\t&sess->cipher.gcm_key);\n+\t\t\tbreak;\n+\t\tcase AES_256_BYTES:\n+\t\t\tsess->cipher.key_length_in_bytes = AES_256_BYTES;\n+\t\t\t(mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data,\n+\t\t\t\t&sess->cipher.gcm_key);\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tRTE_LOG(ERR, PMD, \"failed to parse test type\\n\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\treturn 0;\n+\t}\n+\n \tswitch (xform->auth.algo) {\n \tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n \t\tsess->auth.algo = MD5;\n@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\tbreak;\n \n \tcase AES_GMAC:\n-\t\tjob->u.GCM.aad = op->sym->aead.aad.data;\n-\t\tjob->u.GCM.aad_len_in_bytes = session->aead.aad_len;\n+\t\tif (session->cipher.mode == GCM) {\n+\t\t\tjob->u.GCM.aad = op->sym->aead.aad.data;\n+\t\t\tjob->u.GCM.aad_len_in_bytes = session->aead.aad_len;\n+\t\t} else {\n+\t\t\t/* For GMAC */\n+\t\t\tjob->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,\n+\t\t\t\t\tuint8_t *, op->sym->auth.data.offset);\n+\t\t\tjob->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;\n+\t\t\tjob->cipher_mode = GCM;\n+\t\t}\n \t\tjob->aes_enc_key_expanded = &session->cipher.gcm_key;\n \t\tjob->aes_dec_key_expanded = &session->cipher.gcm_key;\n \t\tbreak;\n@@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\t\t\trte_pktmbuf_data_len(op->sym->m_src));\n \t} else {\n \t\tm_dst = m_src;\n-\t\tif (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)\n+\t\tif (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&\n+\t\t\t\tsession->cipher.mode == GCM))\n \t\t\tm_offset = op->sym->aead.data.offset;\n \t\telse\n \t\t\tm_offset = op->sym->cipher.data.offset;\n@@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\tjob->auth_tag_output = qp->temp_digests[*digest_idx];\n \t\t*digest_idx = (*digest_idx + 1) % MAX_JOBS;\n \t} else {\n-\t\tif (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)\n+\t\tif (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&\n+\t\t\t\tsession->cipher.mode == GCM))\n \t\t\tjob->auth_tag_output = op->sym->aead.digest.data;\n \t\telse\n \t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n@@ -851,13 +909,26 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n \t\tbreak;\n \n \tcase AES_GMAC:\n-\t\tjob->cipher_start_src_offset_in_bytes =\n-\t\t\t\top->sym->aead.data.offset;\n-\t\tjob->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;\n-\t\tjob->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;\n-\t\tjob->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes;\n+\t\tif (session->cipher.mode == GCM) {\n+\t\t\tjob->cipher_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->aead.data.offset;\n+\t\t\tjob->hash_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->aead.data.offset;\n+\t\t\tjob->msg_len_to_cipher_in_bytes =\n+\t\t\t\t\top->sym->aead.data.length;\n+\t\t\tjob->msg_len_to_hash_in_bytes =\n+\t\t\t\t\top->sym->aead.data.length;\n+\t\t} else {\n+\t\t\tjob->cipher_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->auth.data.offset;\n+\t\t\tjob->hash_start_src_offset_in_bytes =\n+\t\t\t\t\top->sym->auth.data.offset;\n+\t\t\tjob->msg_len_to_cipher_in_bytes = 0;\n+\t\t\tjob->msg_len_to_hash_in_bytes = 0;\n+\t\t}\n \t\tjob->iv = rte_crypto_op_ctod_offset(op, uint8_t *,\n \t\t\t\tsession->iv.offset);\n+\n \t\tbreak;\n \n \tdefault:\n@@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,\n }\n \n static inline void\n-verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op,\n-\t\tstruct aesni_mb_session *sess)\n+verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status)\n {\n-\t/* Verify digest if required */\n-\tif (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) {\n-\t\tif (memcmp(job->auth_tag_output, op->sym->aead.digest.data,\n-\t\t\t\tsess->auth.req_digest_len) != 0)\n-\t\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n-\t} else {\n-\t\tif (memcmp(job->auth_tag_output, op->sym->auth.digest.data,\n-\t\t\t\tsess->auth.req_digest_len) != 0)\n-\t\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n-\t}\n+\tif (memcmp(job->auth_tag_output, digest, len) != 0)\n+\t\t*status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n }\n \n static inline void\n@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)\n \t\tcase STS_COMPLETED:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n \n-\t\t\tif (job->hash_alg != NULL_HASH) {\n-\t\t\t\tif (sess->auth.operation ==\n-\t\t\t\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY)\n-\t\t\t\t\tverify_digest(job, op, sess);\n+\t\t\tif (job->hash_alg == NULL_HASH)\n+\t\t\t\tbreak;\n+\n+\t\t\tif (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {\n+\t\t\t\tif (job->hash_alg == AES_CCM ||\n+\t\t\t\t\t(job->hash_alg == AES_GMAC &&\n+\t\t\t\t\t\tsess->cipher.mode == GCM))\n+\t\t\t\t\tverify_digest(job,\n+\t\t\t\t\t\top->sym->aead.digest.data,\n+\t\t\t\t\t\tsess->auth.req_digest_len,\n+\t\t\t\t\t\t&op->status);\n \t\t\t\telse\n-\t\t\t\t\tgenerate_digest(job, op, sess);\n-\t\t\t}\n+\t\t\t\t\tverify_digest(job,\n+\t\t\t\t\t\top->sym->auth.digest.data,\n+\t\t\t\t\t\tsess->auth.req_digest_len,\n+\t\t\t\t\t\t&op->status);\n+\t\t\t} else\n+\t\t\t\tgenerate_digest(job, op, sess);\n \t\t\tbreak;\n \t\tdefault:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\ndiff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c\nindex 5788e37d1..56d409b4b 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c\n@@ -360,6 +360,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES GMAC (AUTH) */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t{.auth = {\n+\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GMAC,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 8,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 4\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n \tRTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()\n };\n \ndiff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c\nindex f3eff2685..1ca6baafa 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c\n@@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES GMAC (AUTH) */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t{.auth = {\n+\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GMAC,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 8,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 4\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n \tRTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()\n };\n \n", "prefixes": [ "v5", "1/3" ] }