* [PATCH v1 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support
2024-09-06 12:39 [PATCH v1 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
@ 2024-09-06 12:39 ` Brian Dooley
2024-09-06 12:39 ` [PATCH v1 3/3] crypto/ipsec_mb: add SM4 " Brian Dooley
` (2 subsequent siblings)
3 siblings, 0 replies; 18+ messages in thread
From: Brian Dooley @ 2024-09-06 12:39 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 3 +++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 24 ++++++++++++++++++++-
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4711b7f590..019867fe1c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -381,6 +381,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
case RTE_CRYPTO_AUTH_SM3:
sess->template_job.hash_alg = IMB_AUTH_SM3;
break;
+ case RTE_CRYPTO_AUTH_SM3_HMAC:
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SM3;
+ break;
#endif
default:
IPSEC_MB_LOG(ERR,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 90d2702a01..24c2686952 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -753,6 +753,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* HMAC SM3 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SM3_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 65535,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -863,7 +884,8 @@ static const unsigned int auth_digest_byte_lengths[] = {
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
[IMB_AUTH_KASUMI_UIA1] = 4,
#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
- [IMB_AUTH_SM3] = 32
+ [IMB_AUTH_SM3] = 32,
+ [IMB_AUTH_HMAC_SM3] = 32,
#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v1 3/3] crypto/ipsec_mb: add SM4 algorithm support
2024-09-06 12:39 [PATCH v1 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
2024-09-06 12:39 ` [PATCH v1 2/3] crypto/ipsec_mb: add HMAC " Brian Dooley
@ 2024-09-06 12:39 ` Brian Dooley
2024-09-18 5:53 ` [EXTERNAL] " Akhil Goyal
2024-09-30 13:55 ` [PATCH v2 1/4] crypto/ipsec_mb: add SM3 " Brian Dooley
2024-10-03 17:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
3 siblings, 1 reply; 18+ messages in thread
From: Brian Dooley @ 2024-09-06 12:39 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces SM4 algorithm support to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 22 ++++++++++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 47 +++++++++++++++++++++
2 files changed, 69 insertions(+)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..1dbffb1337 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
uint8_t is_zuc = 0;
uint8_t is_snow3g = 0;
uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ uint8_t is_sm4 = 0;
+#endif
if (xform == NULL) {
sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,16 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
sess->iv.offset = xform->cipher.iv.offset;
sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ case RTE_CRYPTO_CIPHER_SM4_CBC:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+ is_sm4 = 1;
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_ECB:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+ is_sm4 = 1;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
return -ENOTSUP;
@@ -655,6 +668,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
&sess->cipher.pKeySched_kasumi_cipher);
sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ } else if (is_sm4) {
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+ IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+ sess->cipher.expanded_sm4_keys.encode,
+ sess->cipher.expanded_sm4_keys.decode);
+ sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
} else {
if (xform->cipher.key.length != 8) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 24c2686952..e9d605d646 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -774,6 +774,42 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM4 CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SM4 ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -951,6 +987,17 @@ struct __rte_cache_aligned aesni_mb_session {
/* *< SNOW3G scheduled cipher key */
kasumi_key_sched_t pKeySched_kasumi_cipher;
/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ struct {
+ alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< encode key */
+ alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< decode key */
+ } expanded_sm4_keys;
+ /* *< Expanded SM4 keys - Original 128 bit key is
+ * expanded into 32 round keys, each 32 bits.
+ */
+#endif
};
} cipher;
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [EXTERNAL] [PATCH v1 3/3] crypto/ipsec_mb: add SM4 algorithm support
2024-09-06 12:39 ` [PATCH v1 3/3] crypto/ipsec_mb: add SM4 " Brian Dooley
@ 2024-09-18 5:53 ` Akhil Goyal
0 siblings, 0 replies; 18+ messages in thread
From: Akhil Goyal @ 2024-09-18 5:53 UTC (permalink / raw)
To: Brian Dooley, Kai Ji, Pablo de Lara; +Cc: dev
> This patch introduces SM4 algorithm support to the AESNI_MB PMD.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
> drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 22 ++++++++++
> drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 47 +++++++++++++++++++++
> 2 files changed, 69 insertions(+)
Update corresponding .ini file for the newly added algos.
Also update release notes.
>
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index 019867fe1c..1dbffb1337 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
> uint8_t is_zuc = 0;
> uint8_t is_snow3g = 0;
> uint8_t is_kasumi = 0;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> + uint8_t is_sm4 = 0;
> +#endif
>
> if (xform == NULL) {
> sess->template_job.cipher_mode = IMB_CIPHER_NULL;
> @@ -521,6 +524,16 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
> sess->iv.offset = xform->cipher.iv.offset;
> sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
> return 0;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
> + is_sm4 = 1;
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
> + is_sm4 = 1;
> + break;
> +#endif
> default:
> IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
> return -ENOTSUP;
> @@ -655,6 +668,15 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
> &sess-
> >cipher.pKeySched_kasumi_cipher);
> sess->template_job.enc_keys = &sess-
> >cipher.pKeySched_kasumi_cipher;
> sess->template_job.dec_keys = &sess-
> >cipher.pKeySched_kasumi_cipher;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> + } else if (is_sm4) {
> + sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
> + IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
> + sess->cipher.expanded_sm4_keys.encode,
> + sess->cipher.expanded_sm4_keys.decode);
> + sess->template_job.enc_keys = sess-
> >cipher.expanded_sm4_keys.encode;
> + sess->template_job.dec_keys = sess-
> >cipher.expanded_sm4_keys.decode;
> +#endif
> } else {
> if (xform->cipher.key.length != 8) {
> IPSEC_MB_LOG(ERR, "Invalid cipher key length");
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index 24c2686952..e9d605d646 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -774,6 +774,42 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
> }, }
> }, }
> },
> + { /* SM4 CBC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 ECB */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = { 0 }
> + }, }
> + }, }
> + },
> RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> };
>
> @@ -951,6 +987,17 @@ struct __rte_cache_aligned aesni_mb_session {
> /* *< SNOW3G scheduled cipher key */
> kasumi_key_sched_t pKeySched_kasumi_cipher;
> /* *< KASUMI scheduled cipher key */
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> + struct {
> + alignas(16) uint32_t
> encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
> + /* *< encode key */
> + alignas(16) uint32_t
> decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
> + /* *< decode key */
> + } expanded_sm4_keys;
> + /* *< Expanded SM4 keys - Original 128 bit key is
> + * expanded into 32 round keys, each 32 bits.
> + */
> +#endif
> };
> } cipher;
>
> --
> 2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v2 1/4] crypto/ipsec_mb: add SM3 algorithm support
2024-09-06 12:39 [PATCH v1 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
2024-09-06 12:39 ` [PATCH v1 2/3] crypto/ipsec_mb: add HMAC " Brian Dooley
2024-09-06 12:39 ` [PATCH v1 3/3] crypto/ipsec_mb: add SM4 " Brian Dooley
@ 2024-09-30 13:55 ` Brian Dooley
2024-09-30 13:55 ` [PATCH v2 2/4] crypto/ipsec_mb: add HMAC " Brian Dooley
` (2 more replies)
2024-10-03 17:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
3 siblings, 3 replies; 18+ messages in thread
From: Brian Dooley @ 2024-09-30 13:55 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces SM3 algorithm support to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 5 ++++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 26 ++++++++++++++++++++-
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..4711b7f590 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -377,6 +377,11 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
sess->template_job.hash_alg = IMB_AUTH_SHA_512;
auth_precompute = 0;
break;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ case RTE_CRYPTO_AUTH_SM3:
+ sess->template_job.hash_alg = IMB_AUTH_SM3;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR,
"Unsupported authentication algorithm selection");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..90d2702a01 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM3 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SM3,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -840,7 +861,10 @@ static const unsigned int auth_digest_byte_lengths[] = {
[IMB_AUTH_SHA_512] = 64,
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
- [IMB_AUTH_KASUMI_UIA1] = 4
+ [IMB_AUTH_KASUMI_UIA1] = 4,
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ [IMB_AUTH_SM3] = 32
+#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
};
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v2 2/4] crypto/ipsec_mb: add HMAC SM3 algorithm support
2024-09-30 13:55 ` [PATCH v2 1/4] crypto/ipsec_mb: add SM3 " Brian Dooley
@ 2024-09-30 13:55 ` Brian Dooley
2024-09-30 13:55 ` [PATCH v2 3/4] crypto/ipsec_mb: add SM4 " Brian Dooley
2024-09-30 13:55 ` [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD Brian Dooley
2 siblings, 0 replies; 18+ messages in thread
From: Brian Dooley @ 2024-09-30 13:55 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 3 +++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 24 ++++++++++++++++++++-
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4711b7f590..019867fe1c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -381,6 +381,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
case RTE_CRYPTO_AUTH_SM3:
sess->template_job.hash_alg = IMB_AUTH_SM3;
break;
+ case RTE_CRYPTO_AUTH_SM3_HMAC:
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SM3;
+ break;
#endif
default:
IPSEC_MB_LOG(ERR,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 90d2702a01..24c2686952 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -753,6 +753,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* HMAC SM3 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SM3_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 65535,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -863,7 +884,8 @@ static const unsigned int auth_digest_byte_lengths[] = {
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
[IMB_AUTH_KASUMI_UIA1] = 4,
#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
- [IMB_AUTH_SM3] = 32
+ [IMB_AUTH_SM3] = 32,
+ [IMB_AUTH_HMAC_SM3] = 32,
#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v2 3/4] crypto/ipsec_mb: add SM4 algorithm support
2024-09-30 13:55 ` [PATCH v2 1/4] crypto/ipsec_mb: add SM3 " Brian Dooley
2024-09-30 13:55 ` [PATCH v2 2/4] crypto/ipsec_mb: add HMAC " Brian Dooley
@ 2024-09-30 13:55 ` Brian Dooley
2024-09-30 13:55 ` [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD Brian Dooley
2 siblings, 0 replies; 18+ messages in thread
From: Brian Dooley @ 2024-09-30 13:55 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces SM4 algorithm support for SM4 CBC, SM4 ECB
and SM4 CTR to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v2:
Add Intel IPsec MB version check to capabilities
Add SM4 CTR algorithm support
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 26 ++++++++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 69 +++++++++++++++++++++
2 files changed, 95 insertions(+)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..8790b53b1a 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
uint8_t is_zuc = 0;
uint8_t is_snow3g = 0;
uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ uint8_t is_sm4 = 0;
+#endif
if (xform == NULL) {
sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,20 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
sess->iv.offset = xform->cipher.iv.offset;
sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ case RTE_CRYPTO_CIPHER_SM4_CBC:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+ is_sm4 = 1;
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_ECB:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+ is_sm4 = 1;
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_CTR:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CNTR;
+ is_sm4 = 1;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
return -ENOTSUP;
@@ -655,6 +672,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
&sess->cipher.pKeySched_kasumi_cipher);
sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ } else if (is_sm4) {
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+ IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+ sess->cipher.expanded_sm4_keys.encode,
+ sess->cipher.expanded_sm4_keys.decode);
+ sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
} else {
if (xform->cipher.key.length != 8) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 24c2686952..af462d2569 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
{ /* SM3 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -774,6 +775,63 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM4 CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SM4 ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* SM4 CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -951,6 +1009,17 @@ struct __rte_cache_aligned aesni_mb_session {
/* *< SNOW3G scheduled cipher key */
kasumi_key_sched_t pKeySched_kasumi_cipher;
/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ struct {
+ alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< encode key */
+ alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< decode key */
+ } expanded_sm4_keys;
+ /* *< Expanded SM4 keys - Original 128 bit key is
+ * expanded into 32 round keys, each 32 bits.
+ */
+#endif
};
} cipher;
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD
2024-09-30 13:55 ` [PATCH v2 1/4] crypto/ipsec_mb: add SM3 " Brian Dooley
2024-09-30 13:55 ` [PATCH v2 2/4] crypto/ipsec_mb: add HMAC " Brian Dooley
2024-09-30 13:55 ` [PATCH v2 3/4] crypto/ipsec_mb: add SM4 " Brian Dooley
@ 2024-09-30 13:55 ` Brian Dooley
2024-10-01 7:59 ` [EXTERNAL] " Akhil Goyal
2024-10-01 8:00 ` Akhil Goyal
2 siblings, 2 replies; 18+ messages in thread
From: Brian Dooley @ 2024-09-30 13:55 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
doc/guides/rel_notes/release_24_11.rst | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 8df5fa2c85..ebe00d075d 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -42,6 +42,9 @@ AES ECB (256) = Y
ZUC EEA3 = Y
SNOW3G UEA2 = Y
KASUMI F8 = Y
+SM4 CBC = Y
+SM4 ECB = Y
+SM4 CTR = Y
;
; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@@ -64,6 +67,8 @@ AES GMAC = Y
ZUC EIA3 = Y
SNOW3G UIA2 = Y
KASUMI F9 = Y
+SM3 = Y
+SM3 HMAC = Y
;
; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..ce88b0e84d 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,10 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated IPsec_MB crypto driver.**
+
+ * Added support for SM3, SM3 HMAC, SM4 CBC, SM4 ECB and SM4 CTR algorithms.
+
Removed Items
-------------
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD
2024-09-30 13:55 ` [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD Brian Dooley
@ 2024-10-01 7:59 ` Akhil Goyal
2024-10-01 8:40 ` Dooley, Brian
2024-10-01 8:00 ` Akhil Goyal
1 sibling, 1 reply; 18+ messages in thread
From: Akhil Goyal @ 2024-10-01 7:59 UTC (permalink / raw)
To: Brian Dooley, Kai Ji, Pablo de Lara; +Cc: dev
> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
> doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
> doc/guides/rel_notes/release_24_11.rst | 4 ++++
> 2 files changed, 9 insertions(+)
No need for separate documentation patch.
Please add doc updates in the patch where the code is added for that feature.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD
2024-10-01 7:59 ` [EXTERNAL] " Akhil Goyal
@ 2024-10-01 8:40 ` Dooley, Brian
0 siblings, 0 replies; 18+ messages in thread
From: Dooley, Brian @ 2024-10-01 8:40 UTC (permalink / raw)
To: Akhil Goyal, Ji, Kai, De Lara Guarch, Pablo; +Cc: dev
[-- Attachment #1: Type: text/plain, Size: 965 bytes --]
Thanks Akhil, I will add the documentation to the correct patch and tidy up the series. I also need to look into this CI issue.
________________________________
From: Akhil Goyal <gakhil@marvell.com>
Sent: Tuesday, October 1, 2024 8:59 AM
To: Dooley, Brian <brian.dooley@intel.com>; Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>
Subject: RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD
> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
> doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
> doc/guides/rel_notes/release_24_11.rst | 4 ++++
> 2 files changed, 9 insertions(+)
No need for separate documentation patch.
Please add doc updates in the patch where the code is added for that feature.
[-- Attachment #2: Type: text/html, Size: 1875 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD
2024-09-30 13:55 ` [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD Brian Dooley
2024-10-01 7:59 ` [EXTERNAL] " Akhil Goyal
@ 2024-10-01 8:00 ` Akhil Goyal
1 sibling, 0 replies; 18+ messages in thread
From: Akhil Goyal @ 2024-10-01 8:00 UTC (permalink / raw)
To: Brian Dooley, Kai Ji, Pablo de Lara; +Cc: dev
> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
> doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
> doc/guides/rel_notes/release_24_11.rst | 4 ++++
> 2 files changed, 9 insertions(+)
>
The compilation of the patch is also failing in CI.
Please fix. I believe the new version of ipsec-mb need to be updated in CI?
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
2024-09-06 12:39 [PATCH v1 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
` (2 preceding siblings ...)
2024-09-30 13:55 ` [PATCH v2 1/4] crypto/ipsec_mb: add SM3 " Brian Dooley
@ 2024-10-03 17:05 ` Brian Dooley
2024-10-03 17:05 ` [PATCH v3 2/3] crypto/ipsec_mb: add HMAC " Brian Dooley
` (2 more replies)
3 siblings, 3 replies; 18+ messages in thread
From: Brian Dooley @ 2024-10-03 17:05 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces SM3 algorithm support to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v3:
Add ipsec mb version check
Add documentation
---
doc/guides/cryptodevs/aesni_mb.rst | 1 +
doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
doc/guides/rel_notes/release_24_11.rst | 3 +++
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 5 ++++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 28 ++++++++++++++++++++-
5 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..951f8a7ca8 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -56,6 +56,7 @@ Hash algorithms:
* RTE_CRYPTO_AUTH_ZUC_EIA3
* RTE_CRYPTO_AUTH_SNOW3G_UIA2
* RTE_CRYPTO_AUTH_KASUMI_F9
+* RTE_CRYPTO_AUTH_SM3
AEAD algorithms:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 8df5fa2c85..abab926b36 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -64,6 +64,7 @@ AES GMAC = Y
ZUC EIA3 = Y
SNOW3G UIA2 = Y
KASUMI F9 = Y
+SM3 = Y
;
; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..cd49f605b4 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,9 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated IPsec_MB crypto driver.**
+ * Added support for SM3 algorithm.
+
Removed Items
-------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..4711b7f590 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -377,6 +377,11 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
sess->template_job.hash_alg = IMB_AUTH_SHA_512;
auth_precompute = 0;
break;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ case RTE_CRYPTO_AUTH_SM3:
+ sess->template_job.hash_alg = IMB_AUTH_SM3;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR,
"Unsupported authentication algorithm selection");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..50f78bc3ff 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,29 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ { /* SM3 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SM3,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -840,7 +863,10 @@ static const unsigned int auth_digest_byte_lengths[] = {
[IMB_AUTH_SHA_512] = 64,
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
- [IMB_AUTH_KASUMI_UIA1] = 4
+ [IMB_AUTH_KASUMI_UIA1] = 4,
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ [IMB_AUTH_SM3] = 32
+#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
};
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v3 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support
2024-10-03 17:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
@ 2024-10-03 17:05 ` Brian Dooley
2024-10-04 12:05 ` De Lara Guarch, Pablo
2024-10-03 17:05 ` [PATCH v3 3/3] crypto/ipsec_mb: add SM4 " Brian Dooley
2024-10-04 12:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 " De Lara Guarch, Pablo
2 siblings, 1 reply; 18+ messages in thread
From: Brian Dooley @ 2024-10-03 17:05 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v3:
Add documentation
---
doc/guides/cryptodevs/aesni_mb.rst | 1 +
doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
doc/guides/rel_notes/release_24_11.rst | 1 +
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 3 +++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 24 ++++++++++++++++++++-
5 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 951f8a7ca8..f1073c3c0b 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -57,6 +57,7 @@ Hash algorithms:
* RTE_CRYPTO_AUTH_SNOW3G_UIA2
* RTE_CRYPTO_AUTH_KASUMI_F9
* RTE_CRYPTO_AUTH_SM3
+* RTE_CRYPTO_AUTH_SM3 HMAC
AEAD algorithms:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index abab926b36..b4e9a1f65b 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -65,6 +65,7 @@ ZUC EIA3 = Y
SNOW3G UIA2 = Y
KASUMI F9 = Y
SM3 = Y
+SM3 HMAC = Y
;
; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index cd49f605b4..b8b68780c5 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -57,6 +57,7 @@ New Features
* **Updated IPsec_MB crypto driver.**
* Added support for SM3 algorithm.
+ * Added support for SM3 HMAC algorithm.
Removed Items
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4711b7f590..019867fe1c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -381,6 +381,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
case RTE_CRYPTO_AUTH_SM3:
sess->template_job.hash_alg = IMB_AUTH_SM3;
break;
+ case RTE_CRYPTO_AUTH_SM3_HMAC:
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SM3;
+ break;
#endif
default:
IPSEC_MB_LOG(ERR,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 50f78bc3ff..51104f159c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -754,6 +754,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* HMAC SM3 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SM3_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 65535,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -865,7 +886,8 @@ static const unsigned int auth_digest_byte_lengths[] = {
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
[IMB_AUTH_KASUMI_UIA1] = 4,
#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
- [IMB_AUTH_SM3] = 32
+ [IMB_AUTH_SM3] = 32,
+ [IMB_AUTH_HMAC_SM3] = 32,
#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [PATCH v3 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support
2024-10-03 17:05 ` [PATCH v3 2/3] crypto/ipsec_mb: add HMAC " Brian Dooley
@ 2024-10-04 12:05 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 18+ messages in thread
From: De Lara Guarch, Pablo @ 2024-10-04 12:05 UTC (permalink / raw)
To: Dooley, Brian, Ji, Kai; +Cc: dev, gakhil
> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday, October 3, 2024 6:05 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support
>
> This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v3 3/3] crypto/ipsec_mb: add SM4 algorithm support
2024-10-03 17:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
2024-10-03 17:05 ` [PATCH v3 2/3] crypto/ipsec_mb: add HMAC " Brian Dooley
@ 2024-10-03 17:05 ` Brian Dooley
2024-10-04 12:05 ` De Lara Guarch, Pablo
2024-10-04 12:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 " De Lara Guarch, Pablo
2 siblings, 1 reply; 18+ messages in thread
From: Brian Dooley @ 2024-10-03 17:05 UTC (permalink / raw)
To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley
This patch introduces SM4 CBC, SM4 ECB and SM4 CTR algorithm support to
the AESNI_MB PMD. SM4 CTR is available in the v2.0 release of
Intel IPsec MB.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v2:
Add Intel IPsec MB version check to capabilities
Add SM4 CTR algorithm support
v3:
Fix ipsec mb version conditions
Add documentation
---
doc/guides/cryptodevs/aesni_mb.rst | 3 +
doc/guides/cryptodevs/features/aesni_mb.ini | 3 +
doc/guides/rel_notes/release_24_11.rst | 1 +
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 28 +++++++++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 69 +++++++++++++++++++++
5 files changed, 104 insertions(+)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index f1073c3c0b..ca930be1bd 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -36,6 +36,9 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_ZUC_EEA3
* RTE_CRYPTO_CIPHER_SNOW3G_UEA2
* RTE_CRYPTO_CIPHER_KASUMI_F8
+* RTE_CRYPTO_CIPHER_SM4_CBC
+* RTE_CRYPTO_CIPHER_SM4_ECB
+* RTE_CRYPTO_CIPHER_SM4_CTR
Hash algorithms:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index b4e9a1f65b..ebe00d075d 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -42,6 +42,9 @@ AES ECB (256) = Y
ZUC EEA3 = Y
SNOW3G UEA2 = Y
KASUMI F8 = Y
+SM4 CBC = Y
+SM4 ECB = Y
+SM4 CTR = Y
;
; Supported authentication algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index b8b68780c5..7c68ec271b 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -58,6 +58,7 @@ New Features
* **Updated IPsec_MB crypto driver.**
* Added support for SM3 algorithm.
* Added support for SM3 HMAC algorithm.
+ * Added support for SM4 CBC, SM4 ECB and SM4 CTR algorithms.
Removed Items
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..7110a4a350 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
uint8_t is_zuc = 0;
uint8_t is_snow3g = 0;
uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ uint8_t is_sm4 = 0;
+#endif
if (xform == NULL) {
sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,22 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
sess->iv.offset = xform->cipher.iv.offset;
sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ case RTE_CRYPTO_CIPHER_SM4_CBC:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+ is_sm4 = 1;
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_ECB:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+ is_sm4 = 1;
+ break;
+#endif
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case RTE_CRYPTO_CIPHER_SM4_CTR:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CNTR;
+ is_sm4 = 1;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
return -ENOTSUP;
@@ -655,6 +674,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
&sess->cipher.pKeySched_kasumi_cipher);
sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ } else if (is_sm4) {
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+ IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+ sess->cipher.expanded_sm4_keys.encode,
+ sess->cipher.expanded_sm4_keys.decode);
+ sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
} else {
if (xform->cipher.key.length != 8) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 51104f159c..6120a2f62d 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -775,6 +775,64 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM4 CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SM4 ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+#endif
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ { /* SM4 CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -953,6 +1011,17 @@ struct __rte_cache_aligned aesni_mb_session {
/* *< SNOW3G scheduled cipher key */
kasumi_key_sched_t pKeySched_kasumi_cipher;
/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ struct {
+ alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< encode key */
+ alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< decode key */
+ } expanded_sm4_keys;
+ /* *< Expanded SM4 keys - Original 128 bit key is
+ * expanded into 32 round keys, each 32 bits.
+ */
+#endif
};
} cipher;
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [PATCH v3 3/3] crypto/ipsec_mb: add SM4 algorithm support
2024-10-03 17:05 ` [PATCH v3 3/3] crypto/ipsec_mb: add SM4 " Brian Dooley
@ 2024-10-04 12:05 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 18+ messages in thread
From: De Lara Guarch, Pablo @ 2024-10-04 12:05 UTC (permalink / raw)
To: Dooley, Brian, Ji, Kai; +Cc: dev, gakhil
> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday, October 3, 2024 6:05 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 3/3] crypto/ipsec_mb: add SM4 algorithm support
>
> This patch introduces SM4 CBC, SM4 ECB and SM4 CTR algorithm support to
> the AESNI_MB PMD. SM4 CTR is available in the v2.0 release of Intel IPsec MB.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
2024-10-03 17:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support Brian Dooley
2024-10-03 17:05 ` [PATCH v3 2/3] crypto/ipsec_mb: add HMAC " Brian Dooley
2024-10-03 17:05 ` [PATCH v3 3/3] crypto/ipsec_mb: add SM4 " Brian Dooley
@ 2024-10-04 12:05 ` De Lara Guarch, Pablo
2024-10-09 15:21 ` Akhil Goyal
2 siblings, 1 reply; 18+ messages in thread
From: De Lara Guarch, Pablo @ 2024-10-04 12:05 UTC (permalink / raw)
To: Dooley, Brian, Ji, Kai; +Cc: dev, gakhil
> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday, October 3, 2024 6:05 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
>
> This patch introduces SM3 algorithm support to the AESNI_MB PMD.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 18+ messages in thread
* RE: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
2024-10-04 12:05 ` [PATCH v3 1/3] crypto/ipsec_mb: add SM3 " De Lara Guarch, Pablo
@ 2024-10-09 15:21 ` Akhil Goyal
0 siblings, 0 replies; 18+ messages in thread
From: Akhil Goyal @ 2024-10-09 15:21 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Dooley, Brian, Ji, Kai; +Cc: dev
> > -----Original Message-----
> > From: Dooley, Brian <brian.dooley@intel.com>
> > Sent: Thursday, October 3, 2024 6:05 PM
> > To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>
> > Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> > <brian.dooley@intel.com>
> > Subject: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
> >
> > This patch introduces SM3 algorithm support to the AESNI_MB PMD.
> >
> > Signed-off-by: Brian Dooley <brian.dooley@intel.com>
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Series applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 18+ messages in thread