diff mbox series

crypto/qat: use intel-ipsec-mb for partial hash

Message ID 20220407152931.8771-1-roy.fan.zhang@intel.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series crypto/qat: use intel-ipsec-mb for partial hash | expand

Checks

Context Check Description
ci/intel-Testing success Testing PASS
ci/github-robot: build fail github build: failed
ci/iol-testing fail build patch failure
ci/Intel-compilation fail Compilation issues
ci/checkpatch success coding style OK

Commit Message

Zhang, Roy Fan April 7, 2022, 3:29 p.m. UTC
Since openssl 3.0 now deprecates the low level API QAT required to
perform partial hash operation when creating the session. This
patch is to transfer such dependency from openssl to intel-ipsec-mb.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 drivers/common/qat/meson.build       |  10 +++
 drivers/crypto/qat/qat_sym_session.c | 101 +++++----------------------
 2 files changed, 28 insertions(+), 83 deletions(-)

Comments

Changchun Zhang April 14, 2022, 6:45 p.m. UTC | #1
Hi Fan,

Does it mean the intel-ipsec-mb would be prerequisite of applying QAT offloading for security application? It this is the case, as I know, the intel-ipsec-mb has no FIPS certification yet. Thus I am thinking this would impact existing QAT based security application, right?

Best Regards,
Changchun Zhang

From: Fan Zhang <roy.fan.zhang@intel.com>
Date: Thursday, April 7, 2022 at 11:29 AM
To: dev@dpdk.org <dev@dpdk.org>
Cc: kai.ji@intel.com <kai.ji@intel.com>, gakhil@marvell.com <gakhil@marvell.com>, pablo.de.lara.guarch@intel.com <pablo.de.lara.guarch@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>
Subject: [External] : [PATCH] crypto/qat: use intel-ipsec-mb for partial hash
Since openssl 3.0 now deprecates the low level API QAT required to
perform partial hash operation when creating the session. This
patch is to transfer such dependency from openssl to intel-ipsec-mb.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 drivers/common/qat/meson.build       |  10 +++
 drivers/crypto/qat/qat_sym_session.c | 101 +++++----------------------
 2 files changed, 28 insertions(+), 83 deletions(-)

diff --git a/drivers/common/qat/meson.build b/drivers/common/qat/meson.build
index b7027f3164..d35fc69d96 100644
--- a/drivers/common/qat/meson.build
+++ b/drivers/common/qat/meson.build
@@ -35,6 +35,16 @@ if qat_crypto and not libcrypto.found()
             'missing dependency, libcrypto')
 endif

+
+IMB_required_ver = '1.0.0'
+libipsecmb = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
+    build = false
+    reason = 'missing dependency, "libIPSec_MB"'
+else
+    ext_deps += libipsecmb
+endif
+
 # The driver should not build if both compression and crypto are disabled
 #FIXME common code depends on compression files so check only compress!
 if not qat_compress # and not qat_crypto
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 9d6a19c0be..05a11db750 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -6,6 +6,7 @@
 #include <openssl/aes.h>        /* Needed to calculate pre-compute values */
 #include <openssl/md5.h>        /* Needed to calculate pre-compute values */
 #include <openssl/evp.h>        /* Needed for bpi runt block processing */
+#include <intel-ipsec-mb.h>

 #include <rte_memcpy.h>
 #include <rte_common.h>
@@ -1057,139 +1058,73 @@ static int qat_hash_get_block_size(enum icp_qat_hw_auth_algo qat_hash_alg)
         return -EFAULT;
 }

-static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA_CTX ctx;
-
-       if (!SHA1_Init(&ctx))
-               return -EFAULT;
-       SHA1_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha224(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA256_CTX ctx;
-
-       if (!SHA224_Init(&ctx))
-               return -EFAULT;
-       SHA256_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha256(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA256_CTX ctx;
-
-       if (!SHA256_Init(&ctx))
-               return -EFAULT;
-       SHA256_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha384(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA512_CTX ctx;
-
-       if (!SHA384_Init(&ctx))
-               return -EFAULT;
-       SHA512_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha512(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA512_CTX ctx;
-
-       if (!SHA512_Init(&ctx))
-               return -EFAULT;
-       SHA512_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_md5(uint8_t *data_in, uint8_t *data_out)
-{
-       MD5_CTX ctx;
-
-       if (!MD5_Init(&ctx))
-               return -EFAULT;
-       MD5_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, MD5_DIGEST_LENGTH);
-
-       return 0;
-}
-
 static int
 partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,
                 uint8_t *data_in, uint8_t *data_out)
 {
+       IMB_MGR *m;
+       uint32_t *hash_state_out_be32;
+       uint64_t *hash_state_out_be64;
         int digest_size;
         uint8_t digest[qat_hash_get_digest_size(
                         ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
-       uint32_t *hash_state_out_be32;
-       uint64_t *hash_state_out_be64;
         int i;

+       hash_state_out_be32 = (uint32_t *)data_out;
+       hash_state_out_be64 = (uint64_t *)data_out;
+
         /* Initialize to avoid gcc warning */
         memset(digest, 0, sizeof(digest));

         digest_size = qat_hash_get_digest_size(hash_alg);
         if (digest_size <= 0)
                 return -EFAULT;
+       m = alloc_mb_mgr(0);
+       if (m == NULL)
+               return -ENOMEM;

-       hash_state_out_be32 = (uint32_t *)data_out;
-       hash_state_out_be64 = (uint64_t *)data_out;
+       init_mb_mgr_auto(m, NULL);

         switch (hash_alg) {
         case ICP_QAT_HW_AUTH_ALGO_SHA1:
-               if (partial_hash_sha1(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA1_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
                         *hash_state_out_be32 =
                                 rte_bswap32(*(((uint32_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA224:
-               if (partial_hash_sha224(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA224_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
                         *hash_state_out_be32 =
                                 rte_bswap32(*(((uint32_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA256:
-               if (partial_hash_sha256(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA256_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
                         *hash_state_out_be32 =
                                 rte_bswap32(*(((uint32_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA384:
-               if (partial_hash_sha384(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA384_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
                         *hash_state_out_be64 =
                                 rte_bswap64(*(((uint64_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA512:
-               if (partial_hash_sha512(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA512_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
                         *hash_state_out_be64 =
                                 rte_bswap64(*(((uint64_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_MD5:
-               if (partial_hash_md5(data_in, data_out))
-                       return -EFAULT;
+               IMB_MD5_ONE_BLOCK(m, data_in, data_out);
                 break;
         default:
                 QAT_LOG(ERR, "invalid hash alg %u", hash_alg);
                 return -EFAULT;
         }

+       free_mb_mgr(m);
         return 0;
 }
 #define HMAC_IPAD_VALUE 0x36
--
2.32.0
Changchun Zhang April 20, 2022, 6:14 p.m. UTC | #2
Hello,

Can I know the status of this patch, and the possible impact on any existing applications because the partial hash is switched from OpenSSL to intel-ipsec-mb which is not under FIPS certification?

Thanks!
Changchun

From: Changchun Zhang <changchun.zhang@oracle.com>
Date: Thursday, April 14, 2022 at 2:46 PM
To: Fan Zhang <roy.fan.zhang@intel.com>, dev@dpdk.org <dev@dpdk.org>
Cc: kai.ji@intel.com <kai.ji@intel.com>, gakhil@marvell.com <gakhil@marvell.com>, pablo.de.lara.guarch@intel.com <pablo.de.lara.guarch@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>
Subject: Re: [External] : [PATCH] crypto/qat: use intel-ipsec-mb for partial hash
Hi Fan,

Does it mean the intel-ipsec-mb would be prerequisite of applying QAT offloading for security application? It this is the case, as I know, the intel-ipsec-mb has no FIPS certification yet. Thus I am thinking this would impact existing QAT based security application, right?

Best Regards,
Changchun Zhang

From: Fan Zhang <roy.fan.zhang@intel.com>
Date: Thursday, April 7, 2022 at 11:29 AM
To: dev@dpdk.org <dev@dpdk.org>
Cc: kai.ji@intel.com <kai.ji@intel.com>, gakhil@marvell.com <gakhil@marvell.com>, pablo.de.lara.guarch@intel.com <pablo.de.lara.guarch@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>
Subject: [External] : [PATCH] crypto/qat: use intel-ipsec-mb for partial hash
Since openssl 3.0 now deprecates the low level API QAT required to
perform partial hash operation when creating the session. This
patch is to transfer such dependency from openssl to intel-ipsec-mb.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 drivers/common/qat/meson.build       |  10 +++
 drivers/crypto/qat/qat_sym_session.c | 101 +++++----------------------
 2 files changed, 28 insertions(+), 83 deletions(-)

diff --git a/drivers/common/qat/meson.build b/drivers/common/qat/meson.build
index b7027f3164..d35fc69d96 100644
--- a/drivers/common/qat/meson.build
+++ b/drivers/common/qat/meson.build
@@ -35,6 +35,16 @@ if qat_crypto and not libcrypto.found()
             'missing dependency, libcrypto')
 endif

+
+IMB_required_ver = '1.0.0'
+libipsecmb = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
+    build = false
+    reason = 'missing dependency, "libIPSec_MB"'
+else
+    ext_deps += libipsecmb
+endif
+
 # The driver should not build if both compression and crypto are disabled
 #FIXME common code depends on compression files so check only compress!
 if not qat_compress # and not qat_crypto
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 9d6a19c0be..05a11db750 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -6,6 +6,7 @@
 #include <openssl/aes.h>        /* Needed to calculate pre-compute values */
 #include <openssl/md5.h>        /* Needed to calculate pre-compute values */
 #include <openssl/evp.h>        /* Needed for bpi runt block processing */
+#include <intel-ipsec-mb.h>

 #include <rte_memcpy.h>
 #include <rte_common.h>
@@ -1057,139 +1058,73 @@ static int qat_hash_get_block_size(enum icp_qat_hw_auth_algo qat_hash_alg)
         return -EFAULT;
 }

-static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA_CTX ctx;
-
-       if (!SHA1_Init(&ctx))
-               return -EFAULT;
-       SHA1_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha224(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA256_CTX ctx;
-
-       if (!SHA224_Init(&ctx))
-               return -EFAULT;
-       SHA256_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha256(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA256_CTX ctx;
-
-       if (!SHA256_Init(&ctx))
-               return -EFAULT;
-       SHA256_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha384(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA512_CTX ctx;
-
-       if (!SHA384_Init(&ctx))
-               return -EFAULT;
-       SHA512_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_sha512(uint8_t *data_in, uint8_t *data_out)
-{
-       SHA512_CTX ctx;
-
-       if (!SHA512_Init(&ctx))
-               return -EFAULT;
-       SHA512_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
-       return 0;
-}
-
-static int partial_hash_md5(uint8_t *data_in, uint8_t *data_out)
-{
-       MD5_CTX ctx;
-
-       if (!MD5_Init(&ctx))
-               return -EFAULT;
-       MD5_Transform(&ctx, data_in);
-       rte_memcpy(data_out, &ctx, MD5_DIGEST_LENGTH);
-
-       return 0;
-}
-
 static int
 partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,
                 uint8_t *data_in, uint8_t *data_out)
 {
+       IMB_MGR *m;
+       uint32_t *hash_state_out_be32;
+       uint64_t *hash_state_out_be64;
         int digest_size;
         uint8_t digest[qat_hash_get_digest_size(
                         ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
-       uint32_t *hash_state_out_be32;
-       uint64_t *hash_state_out_be64;
         int i;

+       hash_state_out_be32 = (uint32_t *)data_out;
+       hash_state_out_be64 = (uint64_t *)data_out;
+
         /* Initialize to avoid gcc warning */
         memset(digest, 0, sizeof(digest));

         digest_size = qat_hash_get_digest_size(hash_alg);
         if (digest_size <= 0)
                 return -EFAULT;
+       m = alloc_mb_mgr(0);
+       if (m == NULL)
+               return -ENOMEM;

-       hash_state_out_be32 = (uint32_t *)data_out;
-       hash_state_out_be64 = (uint64_t *)data_out;
+       init_mb_mgr_auto(m, NULL);

         switch (hash_alg) {
         case ICP_QAT_HW_AUTH_ALGO_SHA1:
-               if (partial_hash_sha1(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA1_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
                         *hash_state_out_be32 =
                                 rte_bswap32(*(((uint32_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA224:
-               if (partial_hash_sha224(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA224_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
                         *hash_state_out_be32 =
                                 rte_bswap32(*(((uint32_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA256:
-               if (partial_hash_sha256(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA256_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
                         *hash_state_out_be32 =
                                 rte_bswap32(*(((uint32_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA384:
-               if (partial_hash_sha384(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA384_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
                         *hash_state_out_be64 =
                                 rte_bswap64(*(((uint64_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_SHA512:
-               if (partial_hash_sha512(data_in, digest))
-                       return -EFAULT;
+               IMB_SHA512_ONE_BLOCK(m, data_in, digest);
                 for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
                         *hash_state_out_be64 =
                                 rte_bswap64(*(((uint64_t *)digest)+i));
                 break;
         case ICP_QAT_HW_AUTH_ALGO_MD5:
-               if (partial_hash_md5(data_in, data_out))
-                       return -EFAULT;
+               IMB_MD5_ONE_BLOCK(m, data_in, data_out);
                 break;
         default:
                 QAT_LOG(ERR, "invalid hash alg %u", hash_alg);
                 return -EFAULT;
         }

+       free_mb_mgr(m);
         return 0;
 }
 #define HMAC_IPAD_VALUE 0x36
--
2.32.0
Kai Ji May 17, 2022, 2:21 p.m. UTC | #3
Please see v2: http://patchwork.dpdk.org/project/dpdk/list/?series=22973

Regards

Kai


Does it mean the intel-ipsec-mb would be prerequisite of applying QAT offloading for security application? It this is the case, as I know, the intel-ipsec-mb has no FIPS certification yet. Thus I am thinking this would impact existing QAT based security application, right?

Best Regards,
Changchun Zhang
diff mbox series

Patch

diff --git a/drivers/common/qat/meson.build b/drivers/common/qat/meson.build
index b7027f3164..d35fc69d96 100644
--- a/drivers/common/qat/meson.build
+++ b/drivers/common/qat/meson.build
@@ -35,6 +35,16 @@  if qat_crypto and not libcrypto.found()
             'missing dependency, libcrypto')
 endif
 
+
+IMB_required_ver = '1.0.0'
+libipsecmb = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
+    build = false
+    reason = 'missing dependency, "libIPSec_MB"'
+else
+    ext_deps += libipsecmb
+endif
+
 # The driver should not build if both compression and crypto are disabled
 #FIXME common code depends on compression files so check only compress!
 if not qat_compress # and not qat_crypto
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 9d6a19c0be..05a11db750 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -6,6 +6,7 @@ 
 #include <openssl/aes.h>	/* Needed to calculate pre-compute values */
 #include <openssl/md5.h>	/* Needed to calculate pre-compute values */
 #include <openssl/evp.h>	/* Needed for bpi runt block processing */
+#include <intel-ipsec-mb.h>
 
 #include <rte_memcpy.h>
 #include <rte_common.h>
@@ -1057,139 +1058,73 @@  static int qat_hash_get_block_size(enum icp_qat_hw_auth_algo qat_hash_alg)
 	return -EFAULT;
 }
 
-static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)
-{
-	SHA_CTX ctx;
-
-	if (!SHA1_Init(&ctx))
-		return -EFAULT;
-	SHA1_Transform(&ctx, data_in);
-	rte_memcpy(data_out, &ctx, SHA_DIGEST_LENGTH);
-	return 0;
-}
-
-static int partial_hash_sha224(uint8_t *data_in, uint8_t *data_out)
-{
-	SHA256_CTX ctx;
-
-	if (!SHA224_Init(&ctx))
-		return -EFAULT;
-	SHA256_Transform(&ctx, data_in);
-	rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
-	return 0;
-}
-
-static int partial_hash_sha256(uint8_t *data_in, uint8_t *data_out)
-{
-	SHA256_CTX ctx;
-
-	if (!SHA256_Init(&ctx))
-		return -EFAULT;
-	SHA256_Transform(&ctx, data_in);
-	rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
-	return 0;
-}
-
-static int partial_hash_sha384(uint8_t *data_in, uint8_t *data_out)
-{
-	SHA512_CTX ctx;
-
-	if (!SHA384_Init(&ctx))
-		return -EFAULT;
-	SHA512_Transform(&ctx, data_in);
-	rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
-	return 0;
-}
-
-static int partial_hash_sha512(uint8_t *data_in, uint8_t *data_out)
-{
-	SHA512_CTX ctx;
-
-	if (!SHA512_Init(&ctx))
-		return -EFAULT;
-	SHA512_Transform(&ctx, data_in);
-	rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
-	return 0;
-}
-
-static int partial_hash_md5(uint8_t *data_in, uint8_t *data_out)
-{
-	MD5_CTX ctx;
-
-	if (!MD5_Init(&ctx))
-		return -EFAULT;
-	MD5_Transform(&ctx, data_in);
-	rte_memcpy(data_out, &ctx, MD5_DIGEST_LENGTH);
-
-	return 0;
-}
-
 static int
 partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,
 		uint8_t *data_in, uint8_t *data_out)
 {
+	IMB_MGR *m;
+	uint32_t *hash_state_out_be32;
+	uint64_t *hash_state_out_be64;
 	int digest_size;
 	uint8_t digest[qat_hash_get_digest_size(
 			ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
-	uint32_t *hash_state_out_be32;
-	uint64_t *hash_state_out_be64;
 	int i;
 
+	hash_state_out_be32 = (uint32_t *)data_out;
+	hash_state_out_be64 = (uint64_t *)data_out;
+
 	/* Initialize to avoid gcc warning */
 	memset(digest, 0, sizeof(digest));
 
 	digest_size = qat_hash_get_digest_size(hash_alg);
 	if (digest_size <= 0)
 		return -EFAULT;
+	m = alloc_mb_mgr(0);
+	if (m == NULL)
+		return -ENOMEM;
 
-	hash_state_out_be32 = (uint32_t *)data_out;
-	hash_state_out_be64 = (uint64_t *)data_out;
+	init_mb_mgr_auto(m, NULL);
 
 	switch (hash_alg) {
 	case ICP_QAT_HW_AUTH_ALGO_SHA1:
-		if (partial_hash_sha1(data_in, digest))
-			return -EFAULT;
+		IMB_SHA1_ONE_BLOCK(m, data_in, digest);
 		for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
 			*hash_state_out_be32 =
 				rte_bswap32(*(((uint32_t *)digest)+i));
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SHA224:
-		if (partial_hash_sha224(data_in, digest))
-			return -EFAULT;
+		IMB_SHA224_ONE_BLOCK(m, data_in, digest);
 		for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
 			*hash_state_out_be32 =
 				rte_bswap32(*(((uint32_t *)digest)+i));
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SHA256:
-		if (partial_hash_sha256(data_in, digest))
-			return -EFAULT;
+		IMB_SHA256_ONE_BLOCK(m, data_in, digest);
 		for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
 			*hash_state_out_be32 =
 				rte_bswap32(*(((uint32_t *)digest)+i));
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SHA384:
-		if (partial_hash_sha384(data_in, digest))
-			return -EFAULT;
+		IMB_SHA384_ONE_BLOCK(m, data_in, digest);
 		for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
 			*hash_state_out_be64 =
 				rte_bswap64(*(((uint64_t *)digest)+i));
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SHA512:
-		if (partial_hash_sha512(data_in, digest))
-			return -EFAULT;
+		IMB_SHA512_ONE_BLOCK(m, data_in, digest);
 		for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
 			*hash_state_out_be64 =
 				rte_bswap64(*(((uint64_t *)digest)+i));
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_MD5:
-		if (partial_hash_md5(data_in, data_out))
-			return -EFAULT;
+		IMB_MD5_ONE_BLOCK(m, data_in, data_out);
 		break;
 	default:
 		QAT_LOG(ERR, "invalid hash alg %u", hash_alg);
 		return -EFAULT;
 	}
 
+	free_mb_mgr(m);
 	return 0;
 }
 #define HMAC_IPAD_VALUE	0x36