From: Brian Dooley <brian.dooley@intel.com>
To: Kai Ji <kai.ji@intel.com>,
Pablo de Lara <pablo.de.lara.guarch@intel.com>,
Akhil Goyal <gakhil@marvell.com>,
Fan Zhang <fanzhang.oss@gmail.com>
Cc: dev@dpdk.org, Brian Dooley <brian.dooley@intel.com>
Subject: [PATCH v2 1/2] crypto/ipsec_mb: add SM4 GCM support
Date: Mon, 13 Jan 2025 16:39:41 +0000 [thread overview]
Message-ID: <20250113163942.1644893-1-brian.dooley@intel.com> (raw)
In-Reply-To: <20241213125850.2714328-1-brian.dooley@intel.com>
This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD.
SM4 GCM is available in the v2.0 release of Intel IPsec MB.
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v2:
Added aad to cpu job params
Added ipsec mb version checks
---
doc/guides/cryptodevs/aesni_mb.rst | 1 +
doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
doc/guides/cryptodevs/features/default.ini | 2 +
doc/guides/rel_notes/release_25_03.rst | 4 ++
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 54 ++++++++++++++++++++-
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 30 ++++++++++++
lib/cryptodev/rte_crypto_sym.h | 4 +-
lib/cryptodev/rte_cryptodev.c | 3 +-
8 files changed, 95 insertions(+), 4 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 16d82147b2..8d7e221e79 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -67,6 +67,7 @@ AEAD algorithms:
* RTE_CRYPTO_AEAD_AES_CCM
* RTE_CRYPTO_AEAD_AES_GCM
* RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+* RTE_CRYPTO_AEAD_SM4_GCM
Protocol offloads:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index ebe00d075d..c648be62fb 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -80,6 +80,7 @@ AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
CHACHA20-POLY1305 = Y
+SM4 GCM = Y
;
; Supported Asymmetric algorithms of the 'aesni_mb' crypto driver.
;
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 592af48026..116ffce249 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -118,6 +118,8 @@ AES CCM (128) =
AES CCM (192) =
AES CCM (256) =
CHACHA20-POLY1305 =
+SM4 GCM =
+
;
; Supported Asymmetric algorithms of a default crypto driver.
;
diff --git a/doc/guides/rel_notes/release_25_03.rst b/doc/guides/rel_notes/release_25_03.rst
index 426dfcd982..6f2b0bb5cb 100644
--- a/doc/guides/rel_notes/release_25_03.rst
+++ b/doc/guides/rel_notes/release_25_03.rst
@@ -55,6 +55,10 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+**Updated IPsec_MB crypto driver.**
+
+ * Added support for the SM4 GCM algorithm.
+
Removed Items
-------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 05dc1a039f..8b54e4a602 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -20,7 +20,11 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
{
return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
hash_alg == IMB_AUTH_AES_CCM ||
- cipher_mode == IMB_CIPHER_GCM);
+ cipher_mode == IMB_CIPHER_GCM
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ || cipher_mode == IMB_CIPHER_SM4_GCM
+#endif
+ );
}
/** Set session authentication parameters */
@@ -602,7 +606,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
}
static int
-aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_aead_parameters(IMB_MGR *mb_mgr,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform)
{
@@ -720,6 +724,22 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
return -EINVAL;
}
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case RTE_CRYPTO_AEAD_SM4_GCM:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_GCM;
+ sess->template_job.hash_alg = IMB_AUTH_SM4_GCM;
+ sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length;
+
+ if (xform->aead.key.length != 16) {
+ IPSEC_MB_LOG(ERR, "Invalid key length");
+ return -EINVAL;
+ }
+ sess->template_job.key_len_in_bytes = 16;
+ imb_sm4_gcm_pre(mb_mgr, xform->aead.key.data, &sess->cipher.gcm_key);
+ sess->template_job.enc_keys = &sess->cipher.gcm_key;
+ sess->template_job.dec_keys = &sess->cipher.gcm_key;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR, "Unsupported aead mode parameter");
return -ENOTSUP;
@@ -1037,6 +1057,13 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
case IMB_AUTH_CHACHA20_POLY1305:
job->u.CHACHA20_POLY1305.aad = aad->va;
break;
+
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_AUTH_SM4_GCM:
+ job->u.GCM.aad = aad->va;
+ break;
+#endif
+
default:
job->u.HMAC._hashed_auth_key_xor_ipad =
session->auth.pads.inner;
@@ -1559,6 +1586,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
imb_set_session(mb_mgr, job);
}
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_AUTH_SM4_GCM:
+ job->u.GCM.aad = op->sym->aead.aad.data;
+ break;
+#endif
default:
break;
}
@@ -1687,6 +1719,19 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->iv.offset);
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_AUTH_SM4_GCM:
+ job->hash_start_src_offset_in_bytes = 0;
+ /*
+ * Adding offset here as there is a bug in the ipsec mb library
+ */
+ job->src += op->sym->aead.data.offset;
+ job->msg_len_to_hash_in_bytes =
+ op->sym->aead.data.length;
+ job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+ session->iv.offset);
+ break;
+#endif
default:
job->hash_start_src_offset_in_bytes = auth_start_offset(op,
@@ -1732,6 +1777,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->msg_len_to_cipher_in_bytes = 0;
job->cipher_start_src_offset_in_bytes = 0;
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_CIPHER_SM4_GCM:
+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+ break;
+#endif
default:
job->cipher_start_src_offset_in_bytes =
op->sym->cipher.data.offset;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 468a1f35eb..bdb9ad815b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -826,6 +826,36 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM4 GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_SM4_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0,
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0,
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1,
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0,
+ }
+ }, }
+ }, }
+ },
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 505356ff44..b47e52f63b 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -482,8 +482,10 @@ enum rte_crypto_aead_algorithm {
/**< AES algorithm in CCM mode. */
RTE_CRYPTO_AEAD_AES_GCM,
/**< AES algorithm in GCM mode. */
- RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+ RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
/**< Chacha20 cipher with poly1305 authenticator */
+ RTE_CRYPTO_AEAD_SM4_GCM
+ /**< SM4 cipher with GCM mode */
};
/** Symmetric AEAD Operations */
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a49b0662f3..7b5236ad41 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -168,7 +168,8 @@ static const char *
crypto_aead_algorithm_strings[] = {
[RTE_CRYPTO_AEAD_AES_CCM] = "aes-ccm",
[RTE_CRYPTO_AEAD_AES_GCM] = "aes-gcm",
- [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305"
+ [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305",
+ [RTE_CRYPTO_AEAD_SM4_GCM] = "sm4-gcm"
};
--
2.25.1
next prev parent reply other threads:[~2025-01-13 16:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-13 12:58 [PATCH v1 " Brian Dooley
2024-12-13 12:58 ` [PATCH v1 2/2] app/test: add SM4 GCM tests Brian Dooley
2025-01-13 16:39 ` Brian Dooley [this message]
2025-01-13 16:39 ` [PATCH v2 1/2] crypto/ipsec_mb: add SM4 GCM support Brian Dooley
2025-01-13 17:10 ` [PATCH v3 " Brian Dooley
2025-01-13 17:10 ` [PATCH v3 2/2] app/test: add SM4 GCM tests Brian Dooley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250113163942.1644893-1-brian.dooley@intel.com \
--to=brian.dooley@intel.com \
--cc=dev@dpdk.org \
--cc=fanzhang.oss@gmail.com \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).