@@ -41,6 +41,11 @@ Hash algorithms:
* RTE_CRYPTO_HASH_AES_XCBC_HMAC
* RTE_CRYPTO_HASH_AES_CMAC
* RTE_CRYPTO_HASH_AES_GMAC
+* RTE_CRYPTO_HASH_SHA1
+* RTE_CRYPTO_HASH_SHA224
+* RTE_CRYPTO_HASH_SHA256
+* RTE_CRYPTO_HASH_SHA384
+* RTE_CRYPTO_HASH_SHA512
AEAD algorithms:
@@ -53,6 +58,7 @@ Limitations
* Chained mbufs are not supported.
* Only in-place is currently supported (destination address is the same as source address).
* RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later.
+* RTE_CRYPTO_HASH_SHA* is supported by library version v0.52 or later.
Installation
@@ -66,8 +66,10 @@ New Features
compression ratio and compression throughput.
* **updated the AESNI-MB PMD.**
+
* Added support for intel-ipsec-mb version 0.52.
* Added AES-GMAC algorithm support.
+ * Added Plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support.
Removed Items
@@ -107,6 +107,7 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
hash_one_block_t hash_oneblock_fn;
unsigned int key_larger_block_size = 0;
uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
+ uint32_t auth_precompute = 1;
if (xform == NULL) {
sess->auth.algo = NULL_HASH;
@@ -237,6 +238,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
key_larger_block_size = 1;
}
break;
+ case RTE_CRYPTO_AUTH_SHA1:
+ sess->auth.algo = PLAIN_SHA1;
+ auth_precompute = 0;
+ break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
sess->auth.algo = SHA_224;
hash_oneblock_fn = mb_mgr->sha224_one_block;
@@ -248,6 +253,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
key_larger_block_size = 1;
}
break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ sess->auth.algo = PLAIN_SHA_224;
+ auth_precompute = 0;
+ break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
sess->auth.algo = SHA_256;
hash_oneblock_fn = mb_mgr->sha256_one_block;
@@ -259,6 +268,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
key_larger_block_size = 1;
}
break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ sess->auth.algo = PLAIN_SHA_256;
+ auth_precompute = 0;
+ break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
sess->auth.algo = SHA_384;
hash_oneblock_fn = mb_mgr->sha384_one_block;
@@ -270,6 +283,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
key_larger_block_size = 1;
}
break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ sess->auth.algo = PLAIN_SHA_384;
+ auth_precompute = 0;
+ break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
sess->auth.algo = SHA_512;
hash_oneblock_fn = mb_mgr->sha512_one_block;
@@ -281,6 +298,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
key_larger_block_size = 1;
}
break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ sess->auth.algo = PLAIN_SHA_512;
+ auth_precompute = 0;
+ break;
default:
AESNI_MB_LOG(ERR, "Unsupported authentication algorithm selection");
return -ENOTSUP;
@@ -302,6 +323,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
else
sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ /* Plain SHA does not require precompute key */
+ if (auth_precompute == 0)
+ return 0;
+
/* Calculate Authentication precomputes */
if (key_larger_block_size) {
calculate_auth_precomputes(hash_oneblock_fn,
@@ -54,6 +54,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 1,
+ .max = 20,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -75,6 +96,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 1,
+ .max = 28,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -96,6 +138,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 1,
+ .max = 32,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -117,6 +180,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 1,
+ .max = 48,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -138,6 +222,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* AES XCBC HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -109,6 +109,13 @@ static const unsigned auth_digest_byte_lengths[] = {
[AES_CMAC] = 16,
[AES_GMAC] = 12,
[NULL_HASH] = 0,
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0)
+ [PLAIN_SHA1] = 20,
+ [PLAIN_SHA_224] = 28,
+ [PLAIN_SHA_256] = 32,
+ [PLAIN_SHA_384] = 48,
+ [PLAIN_SHA_512] = 64
+#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
};
@@ -96,7 +96,8 @@ sha1_test_vector = {
0x35, 0x62, 0xFB, 0xFA, 0x93, 0xFD, 0x7D, 0x70,
0xA6, 0x7D, 0x45, 0xCA
},
- .len = 20
+ .len = 20,
+ .truncated_len = 20
}
};
@@ -140,7 +141,8 @@ sha224_test_vector = {
0x39, 0x26, 0xDF, 0xB5, 0x78, 0x62, 0xB2, 0x6E,
0x5E, 0x8F, 0x25, 0x84
},
- .len = 28
+ .len = 28,
+ .truncated_len = 28
}
};
@@ -186,7 +188,8 @@ sha256_test_vector = {
0x1F, 0xC7, 0x84, 0xEE, 0x76, 0xA6, 0x39, 0x15,
0x76, 0x2F, 0x87, 0xF9, 0x01, 0x06, 0xF3, 0xB7
},
- .len = 32
+ .len = 32,
+ .truncated_len = 32
}
};
@@ -234,7 +237,8 @@ sha384_test_vector = {
0xAD, 0x41, 0xAB, 0x15, 0xB0, 0x03, 0x15, 0xEC,
0x9E, 0x3D, 0xED, 0xCB, 0x80, 0x7B, 0xF4, 0xB6
},
- .len = 48
+ .len = 48,
+ .truncated_len = 48
}
};
@@ -288,7 +292,8 @@ sha512_test_vector = {
0x64, 0x4E, 0x15, 0x68, 0x12, 0x67, 0x26, 0x0F,
0x2C, 0x3C, 0x83, 0x25, 0x27, 0x86, 0xF0, 0xDB
},
- .len = 64
+ .len = 64,
+ .truncated_len = 64
}
};
@@ -428,7 +433,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "SHA1 Digest Verify",
@@ -437,7 +447,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "HMAC-SHA1 Digest",
@@ -496,7 +511,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "SHA224 Digest Verify",
@@ -505,7 +525,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "HMAC-SHA224 Digest",
@@ -542,7 +567,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "SHA256 Digest Verify",
@@ -551,7 +581,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "HMAC-SHA256 Digest",
@@ -590,7 +625,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "SHA384 Digest Verify",
@@ -599,7 +639,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "HMAC-SHA384 Digest",
@@ -638,7 +683,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "SHA512 Digest Verify",
@@ -647,7 +697,12 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_CCP |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
+#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM
BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX
+#else
+ BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
+#endif
},
{
.test_descr = "HMAC-SHA512 Digest",