[PATCH v1 1/3] crypto/ipsec_mb: add SM3 algorithm support

[PATCH v1 1/3] crypto/ipsec_mb: add SM3 algorithm support

[Brian Dooley]

This patch introduces SM3 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      |  5 ++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 26 ++++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..4711b7f590 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -377,6 +377,11 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		sess->template_job.hash_alg = IMB_AUTH_SHA_512;
 		auth_precompute = 0;
 		break;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_AUTH_SM3:
+		sess->template_job.hash_alg = IMB_AUTH_SM3;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR,
 			"Unsupported authentication algorithm selection");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..90d2702a01 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -840,7 +861,10 @@ static const unsigned int auth_digest_byte_lengths[] = {
 		[IMB_AUTH_SHA_512]		= 64,
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4,
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4,
-		[IMB_AUTH_KASUMI_UIA1]		= 4
+		[IMB_AUTH_KASUMI_UIA1]		= 4,
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+		[IMB_AUTH_SM3]			= 32
+#endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
 };
-- 
2.25.1

[PATCH v1 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support

[Brian Dooley]

This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      |  3 +++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 24 ++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4711b7f590..019867fe1c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -381,6 +381,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 	case RTE_CRYPTO_AUTH_SM3:
 		sess->template_job.hash_alg = IMB_AUTH_SM3;
 		break;
+	case RTE_CRYPTO_AUTH_SM3_HMAC:
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SM3;
+		break;
 #endif
 	default:
 		IPSEC_MB_LOG(ERR,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 90d2702a01..24c2686952 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -753,6 +753,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* HMAC SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 1,
+					.max = 65535,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -863,7 +884,8 @@ static const unsigned int auth_digest_byte_lengths[] = {
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4,
 		[IMB_AUTH_KASUMI_UIA1]		= 4,
 #if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
-		[IMB_AUTH_SM3]			= 32
+		[IMB_AUTH_SM3]			= 32,
+		[IMB_AUTH_HMAC_SM3]		= 32,
 #endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
-- 
2.25.1

[PATCH v1 3/3] crypto/ipsec_mb: add SM4 algorithm support

[Brian Dooley]

This patch introduces SM4 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 22 ++++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 47 +++++++++++++++++++++
 2 files changed, 69 insertions(+)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..1dbffb1337 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	uint8_t is_zuc = 0;
 	uint8_t is_snow3g = 0;
 	uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	uint8_t is_sm4 = 0;
+#endif
 
 	if (xform == NULL) {
 		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,16 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 		sess->iv.offset = xform->cipher.iv.offset;
 		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 		return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_CIPHER_SM4_CBC:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+		is_sm4 = 1;
+		break;
+	case RTE_CRYPTO_CIPHER_SM4_ECB:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+		is_sm4 = 1;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
 		return -ENOTSUP;
@@ -655,6 +668,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 					&sess->cipher.pKeySched_kasumi_cipher);
 		sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
 		sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	} else if (is_sm4) {
+		sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+		IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+				sess->cipher.expanded_sm4_keys.encode,
+				sess->cipher.expanded_sm4_keys.decode);
+		sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
 	} else {
 		if (xform->cipher.key.length != 8) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 24c2686952..e9d605d646 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -774,6 +774,42 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 CBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SM4 ECB */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -951,6 +987,17 @@ struct __rte_cache_aligned aesni_mb_session {
 			/* *< SNOW3G scheduled cipher key */
 			kasumi_key_sched_t pKeySched_kasumi_cipher;
 			/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+			struct {
+				alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< encode key */
+				alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< decode key */
+			} expanded_sm4_keys;
+			/* *< Expanded SM4 keys - Original 128 bit key is
+			 * expanded into 32 round keys, each 32 bits.
+			 */
+#endif
 		};
 	} cipher;
 
-- 
2.25.1

RE: [EXTERNAL] [PATCH v1 3/3] crypto/ipsec_mb: add SM4 algorithm support

[Akhil Goyal]

> This patch introduces SM4 algorithm support to the AESNI_MB PMD.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 22 ++++++++++
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 47 +++++++++++++++++++++
>  2 files changed, 69 insertions(+)

Update corresponding .ini file for the newly added algos.
Also update release notes.


> 
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index 019867fe1c..1dbffb1337 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
>  	uint8_t is_zuc = 0;
>  	uint8_t is_snow3g = 0;
>  	uint8_t is_kasumi = 0;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +	uint8_t is_sm4 = 0;
> +#endif
> 
>  	if (xform == NULL) {
>  		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
> @@ -521,6 +524,16 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
>  		sess->iv.offset = xform->cipher.iv.offset;
>  		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
>  		return 0;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +	case RTE_CRYPTO_CIPHER_SM4_CBC:
> +		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
> +		is_sm4 = 1;
> +		break;
> +	case RTE_CRYPTO_CIPHER_SM4_ECB:
> +		sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
> +		is_sm4 = 1;
> +		break;
> +#endif
>  	default:
>  		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
>  		return -ENOTSUP;
> @@ -655,6 +668,15 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
>  					&sess-
> >cipher.pKeySched_kasumi_cipher);
>  		sess->template_job.enc_keys = &sess-
> >cipher.pKeySched_kasumi_cipher;
>  		sess->template_job.dec_keys = &sess-
> >cipher.pKeySched_kasumi_cipher;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +	} else if (is_sm4) {
> +		sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
> +		IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
> +				sess->cipher.expanded_sm4_keys.encode,
> +				sess->cipher.expanded_sm4_keys.decode);
> +		sess->template_job.enc_keys = sess-
> >cipher.expanded_sm4_keys.encode;
> +		sess->template_job.dec_keys = sess-
> >cipher.expanded_sm4_keys.decode;
> +#endif
>  	} else {
>  		if (xform->cipher.key.length != 8) {
>  			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index 24c2686952..e9d605d646 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -774,6 +774,42 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 CBC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 ECB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = { 0 }
> +			}, }
> +		}, }
> +	},
>  	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
>  };
> 
> @@ -951,6 +987,17 @@ struct __rte_cache_aligned aesni_mb_session {
>  			/* *< SNOW3G scheduled cipher key */
>  			kasumi_key_sched_t pKeySched_kasumi_cipher;
>  			/* *< KASUMI scheduled cipher key */
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +			struct {
> +				alignas(16) uint32_t
> encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
> +				/* *< encode key */
> +				alignas(16) uint32_t
> decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
> +				/* *< decode key */
> +			} expanded_sm4_keys;
> +			/* *< Expanded SM4 keys - Original 128 bit key is
> +			 * expanded into 32 round keys, each 32 bits.
> +			 */
> +#endif
>  		};
>  	} cipher;
> 
> --
> 2.25.1

[PATCH v2 1/4] crypto/ipsec_mb: add SM3 algorithm support

[Brian Dooley]

This patch introduces SM3 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      |  5 ++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 26 ++++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..4711b7f590 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -377,6 +377,11 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		sess->template_job.hash_alg = IMB_AUTH_SHA_512;
 		auth_precompute = 0;
 		break;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_AUTH_SM3:
+		sess->template_job.hash_alg = IMB_AUTH_SM3;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR,
 			"Unsupported authentication algorithm selection");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..90d2702a01 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -840,7 +861,10 @@ static const unsigned int auth_digest_byte_lengths[] = {
 		[IMB_AUTH_SHA_512]		= 64,
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4,
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4,
-		[IMB_AUTH_KASUMI_UIA1]		= 4
+		[IMB_AUTH_KASUMI_UIA1]		= 4,
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+		[IMB_AUTH_SM3]			= 32
+#endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
 };
-- 
2.25.1

[PATCH v2 2/4] crypto/ipsec_mb: add HMAC SM3 algorithm support

[Brian Dooley]

This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      |  3 +++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 24 ++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4711b7f590..019867fe1c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -381,6 +381,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 	case RTE_CRYPTO_AUTH_SM3:
 		sess->template_job.hash_alg = IMB_AUTH_SM3;
 		break;
+	case RTE_CRYPTO_AUTH_SM3_HMAC:
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SM3;
+		break;
 #endif
 	default:
 		IPSEC_MB_LOG(ERR,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 90d2702a01..24c2686952 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -753,6 +753,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* HMAC SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 1,
+					.max = 65535,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -863,7 +884,8 @@ static const unsigned int auth_digest_byte_lengths[] = {
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4,
 		[IMB_AUTH_KASUMI_UIA1]		= 4,
 #if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
-		[IMB_AUTH_SM3]			= 32
+		[IMB_AUTH_SM3]			= 32,
+		[IMB_AUTH_HMAC_SM3]		= 32,
 #endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
-- 
2.25.1

[PATCH v2 3/4] crypto/ipsec_mb: add SM4 algorithm support

[Brian Dooley]

This patch introduces SM4 algorithm support for SM4 CBC, SM4 ECB
and SM4 CTR to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v2:
	Add Intel IPsec MB version check to capabilities
	Add SM4 CTR algorithm support
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 26 ++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 69 +++++++++++++++++++++
 2 files changed, 95 insertions(+)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..8790b53b1a 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	uint8_t is_zuc = 0;
 	uint8_t is_snow3g = 0;
 	uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	uint8_t is_sm4 = 0;
+#endif
 
 	if (xform == NULL) {
 		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,20 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 		sess->iv.offset = xform->cipher.iv.offset;
 		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 		return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_CIPHER_SM4_CBC:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+		is_sm4 = 1;
+		break;
+	case RTE_CRYPTO_CIPHER_SM4_ECB:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+		is_sm4 = 1;
+		break;
+	case RTE_CRYPTO_CIPHER_SM4_CTR:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CNTR;
+		is_sm4 = 1;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
 		return -ENOTSUP;
@@ -655,6 +672,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 					&sess->cipher.pKeySched_kasumi_cipher);
 		sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
 		sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	} else if (is_sm4) {
+		sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+		IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+				sess->cipher.expanded_sm4_keys.encode,
+				sess->cipher.expanded_sm4_keys.decode);
+		sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
 	} else {
 		if (xform->cipher.key.length != 8) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 24c2686952..af462d2569 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
 	{	/* SM3 */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -774,6 +775,63 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 CBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SM4 ECB */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
+	{	/* SM4 CTR */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+#endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -951,6 +1009,17 @@ struct __rte_cache_aligned aesni_mb_session {
 			/* *< SNOW3G scheduled cipher key */
 			kasumi_key_sched_t pKeySched_kasumi_cipher;
 			/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+			struct {
+				alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< encode key */
+				alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< decode key */
+			} expanded_sm4_keys;
+			/* *< Expanded SM4 keys - Original 128 bit key is
+			 * expanded into 32 round keys, each 32 bits.
+			 */
+#endif
 		};
 	} cipher;
 
-- 
2.25.1

[PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD

[Brian Dooley]

Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
 doc/guides/rel_notes/release_24_11.rst      | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 8df5fa2c85..ebe00d075d 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -42,6 +42,9 @@ AES ECB (256)  = Y
 ZUC EEA3       = Y
 SNOW3G UEA2    = Y
 KASUMI F8      = Y
+SM4 CBC        = Y
+SM4 ECB        = Y
+SM4 CTR        = Y
 
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@@ -64,6 +67,8 @@ AES GMAC     = Y
 ZUC EIA3     = Y
 SNOW3G UIA2  = Y
 KASUMI F9    = Y
+SM3          = Y
+SM3 HMAC     = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..ce88b0e84d 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,10 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Updated IPsec_MB crypto driver.**
+
+  * Added support for SM3, SM3 HMAC, SM4 CBC, SM4 ECB and SM4 CTR algorithms.
+
 
 Removed Items
 -------------
-- 
2.25.1

RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD

[Akhil Goyal]

> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
>  doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
>  doc/guides/rel_notes/release_24_11.rst      | 4 ++++
>  2 files changed, 9 insertions(+)
No need for separate documentation patch.
Please add doc updates in the patch where the code is added for that feature.

Re: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD

[Dooley, Brian]

[-- Attachment #1: Type: text/plain, Size: 965 bytes --]

Thanks Akhil, I will add the documentation to the correct patch and tidy up the series. I also need to look into this CI issue.
________________________________
From: Akhil Goyal <gakhil@marvell.com>
Sent: Tuesday, October 1, 2024 8:59 AM
To: Dooley, Brian <brian.dooley@intel.com>; Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>
Subject: RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD

> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
>
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
>  doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
>  doc/guides/rel_notes/release_24_11.rst      | 4 ++++
>  2 files changed, 9 insertions(+)
No need for separate documentation patch.
Please add doc updates in the patch where the code is added for that feature.

[-- Attachment #2: Type: text/html, Size: 1875 bytes --]

RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD

[Akhil Goyal]

> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
>  doc/guides/cryptodevs/features/aesni_mb.ini | 5 +++++
>  doc/guides/rel_notes/release_24_11.rst      | 4 ++++
>  2 files changed, 9 insertions(+)
> 
The compilation of the patch is also failing in CI.
Please fix. I believe the new version of ipsec-mb need to be updated in CI?

[PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support

[Brian Dooley]

This patch introduces SM3 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v3:
	Add ipsec mb version check
	Add documentation
---
 doc/guides/cryptodevs/aesni_mb.rst          |  1 +
 doc/guides/cryptodevs/features/aesni_mb.ini |  1 +
 doc/guides/rel_notes/release_24_11.rst      |  3 +++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      |  5 ++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 28 ++++++++++++++++++++-
 5 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..951f8a7ca8 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -56,6 +56,7 @@ Hash algorithms:
 * RTE_CRYPTO_AUTH_ZUC_EIA3
 * RTE_CRYPTO_AUTH_SNOW3G_UIA2
 * RTE_CRYPTO_AUTH_KASUMI_F9
+* RTE_CRYPTO_AUTH_SM3
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 8df5fa2c85..abab926b36 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -64,6 +64,7 @@ AES GMAC     = Y
 ZUC EIA3     = Y
 SNOW3G UIA2  = Y
 KASUMI F9    = Y
+SM3          = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..cd49f605b4 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,9 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Updated IPsec_MB crypto driver.**
+  * Added support for SM3 algorithm.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..4711b7f590 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -377,6 +377,11 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		sess->template_job.hash_alg = IMB_AUTH_SHA_512;
 		auth_precompute = 0;
 		break;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_AUTH_SM3:
+		sess->template_job.hash_alg = IMB_AUTH_SM3;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR,
 			"Unsupported authentication algorithm selection");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..50f78bc3ff 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -732,6 +732,29 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	{	/* SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
+#endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -840,7 +863,10 @@ static const unsigned int auth_digest_byte_lengths[] = {
 		[IMB_AUTH_SHA_512]		= 64,
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4,
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4,
-		[IMB_AUTH_KASUMI_UIA1]		= 4
+		[IMB_AUTH_KASUMI_UIA1]		= 4,
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+		[IMB_AUTH_SM3]			= 32
+#endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
 };
-- 
2.25.1

[PATCH v3 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support

[Brian Dooley]

This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v3:
	Add documentation
---
 doc/guides/cryptodevs/aesni_mb.rst          |  1 +
 doc/guides/cryptodevs/features/aesni_mb.ini |  1 +
 doc/guides/rel_notes/release_24_11.rst      |  1 +
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      |  3 +++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 24 ++++++++++++++++++++-
 5 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 951f8a7ca8..f1073c3c0b 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -57,6 +57,7 @@ Hash algorithms:
 * RTE_CRYPTO_AUTH_SNOW3G_UIA2
 * RTE_CRYPTO_AUTH_KASUMI_F9
 * RTE_CRYPTO_AUTH_SM3
+* RTE_CRYPTO_AUTH_SM3 HMAC
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index abab926b36..b4e9a1f65b 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -65,6 +65,7 @@ ZUC EIA3     = Y
 SNOW3G UIA2  = Y
 KASUMI F9    = Y
 SM3          = Y
+SM3 HMAC     = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index cd49f605b4..b8b68780c5 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -57,6 +57,7 @@ New Features
 
 * **Updated IPsec_MB crypto driver.**
   * Added support for SM3 algorithm.
+  * Added support for SM3 HMAC algorithm.
 
 
 Removed Items
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4711b7f590..019867fe1c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -381,6 +381,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 	case RTE_CRYPTO_AUTH_SM3:
 		sess->template_job.hash_alg = IMB_AUTH_SM3;
 		break;
+	case RTE_CRYPTO_AUTH_SM3_HMAC:
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SM3;
+		break;
 #endif
 	default:
 		IPSEC_MB_LOG(ERR,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 50f78bc3ff..51104f159c 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -754,6 +754,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* HMAC SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 1,
+					.max = 65535,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 #endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
@@ -865,7 +886,8 @@ static const unsigned int auth_digest_byte_lengths[] = {
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4,
 		[IMB_AUTH_KASUMI_UIA1]		= 4,
 #if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
-		[IMB_AUTH_SM3]			= 32
+		[IMB_AUTH_SM3]			= 32,
+		[IMB_AUTH_HMAC_SM3]		= 32,
 #endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
-- 
2.25.1

RE: [PATCH v3 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday, October 3, 2024 6:05 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 2/3] crypto/ipsec_mb: add HMAC SM3 algorithm support
> 
> This patch introduces HMAC SM3 algorithm support to the AESNI_MB PMD.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

[PATCH v3 3/3] crypto/ipsec_mb: add SM4 algorithm support

[Brian Dooley]

This patch introduces SM4 CBC, SM4 ECB and SM4 CTR algorithm support to
the AESNI_MB PMD. SM4 CTR is available in the v2.0 release of
Intel IPsec MB.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v2:
	Add Intel IPsec MB version check to capabilities
	Add SM4 CTR algorithm support
v3:
	Fix ipsec mb version conditions
	Add documentation
---
 doc/guides/cryptodevs/aesni_mb.rst          |  3 +
 doc/guides/cryptodevs/features/aesni_mb.ini |  3 +
 doc/guides/rel_notes/release_24_11.rst      |  1 +
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 28 +++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 69 +++++++++++++++++++++
 5 files changed, 104 insertions(+)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index f1073c3c0b..ca930be1bd 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -36,6 +36,9 @@ Cipher algorithms:
 * RTE_CRYPTO_CIPHER_ZUC_EEA3
 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2
 * RTE_CRYPTO_CIPHER_KASUMI_F8
+* RTE_CRYPTO_CIPHER_SM4_CBC
+* RTE_CRYPTO_CIPHER_SM4_ECB
+* RTE_CRYPTO_CIPHER_SM4_CTR
 
 Hash algorithms:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index b4e9a1f65b..ebe00d075d 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -42,6 +42,9 @@ AES ECB (256)  = Y
 ZUC EEA3       = Y
 SNOW3G UEA2    = Y
 KASUMI F8      = Y
+SM4 CBC        = Y
+SM4 ECB        = Y
+SM4 CTR        = Y
 
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index b8b68780c5..7c68ec271b 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -58,6 +58,7 @@ New Features
 * **Updated IPsec_MB crypto driver.**
   * Added support for SM3 algorithm.
   * Added support for SM3 HMAC algorithm.
+  * Added support for SM4 CBC, SM4 ECB and SM4 CTR algorithms.
 
 
 Removed Items
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..7110a4a350 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	uint8_t is_zuc = 0;
 	uint8_t is_snow3g = 0;
 	uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	uint8_t is_sm4 = 0;
+#endif
 
 	if (xform == NULL) {
 		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,22 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 		sess->iv.offset = xform->cipher.iv.offset;
 		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 		return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_CIPHER_SM4_CBC:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+		is_sm4 = 1;
+		break;
+	case RTE_CRYPTO_CIPHER_SM4_ECB:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+		is_sm4 = 1;
+		break;
+#endif
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+	case RTE_CRYPTO_CIPHER_SM4_CTR:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CNTR;
+		is_sm4 = 1;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
 		return -ENOTSUP;
@@ -655,6 +674,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 					&sess->cipher.pKeySched_kasumi_cipher);
 		sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
 		sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	} else if (is_sm4) {
+		sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+		IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+				sess->cipher.expanded_sm4_keys.encode,
+				sess->cipher.expanded_sm4_keys.decode);
+		sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
 	} else {
 		if (xform->cipher.key.length != 8) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 51104f159c..6120a2f62d 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -775,6 +775,64 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 CBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SM4 ECB */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
+#endif
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+	{	/* SM4 CTR */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
 #endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
@@ -953,6 +1011,17 @@ struct __rte_cache_aligned aesni_mb_session {
 			/* *< SNOW3G scheduled cipher key */
 			kasumi_key_sched_t pKeySched_kasumi_cipher;
 			/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+			struct {
+				alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< encode key */
+				alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< decode key */
+			} expanded_sm4_keys;
+			/* *< Expanded SM4 keys - Original 128 bit key is
+			 * expanded into 32 round keys, each 32 bits.
+			 */
+#endif
 		};
 	} cipher;
 
-- 
2.25.1

RE: [PATCH v3 3/3] crypto/ipsec_mb: add SM4 algorithm support

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday, October 3, 2024 6:05 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 3/3] crypto/ipsec_mb: add SM4 algorithm support
> 
> This patch introduces SM4 CBC, SM4 ECB and SM4 CTR algorithm support to
> the AESNI_MB PMD. SM4 CTR is available in the v2.0 release of Intel IPsec MB.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

RE: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday, October 3, 2024 6:05 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
> 
> This patch introduces SM3 algorithm support to the AESNI_MB PMD.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

RE: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support

[Akhil Goyal]

> > -----Original Message-----
> > From: Dooley, Brian <brian.dooley@intel.com>
> > Sent: Thursday, October 3, 2024 6:05 PM
> > To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>
> > Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> > <brian.dooley@intel.com>
> > Subject: [PATCH v3 1/3] crypto/ipsec_mb: add SM3 algorithm support
> >
> > This patch introduces SM3 algorithm support to the AESNI_MB PMD.
> >
> > Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> 
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Series applied to dpdk-next-crypto
Thanks.