From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1FBA446074; Mon, 13 Jan 2025 18:10:32 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A0A4440669; Mon, 13 Jan 2025 18:10:31 +0100 (CET) Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.19]) by mails.dpdk.org (Postfix) with ESMTP id 0D10540653 for ; Mon, 13 Jan 2025 18:10:28 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1736788229; x=1768324229; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=2KJPLWUyaPnqgO8ZofWhOWBblood4WvjJxmdFvVdslY=; b=nw5YWkjY7+iArX4C1UjY1tVZjIjHLXagzZRsLCwHtWmpLqS0r3Ms3YGy lf/VjRUEwxtFl5eUWZRvdK63LaZ32OPzTLf10Ps89cuhtgcJ1RgIWbcVM NCouEkQUGhEWxi5ZV8wzk5Trrnoe4J5EdjitcJMa8JYk6uzBjTrryCT9H nWZ7cw5pWJXmsPBcf8qSKue9b91NAUDDJ3K9tvW3SyN4i5PSatt59xMbi 2SNe2LsDmkE2iCLjl+3fZAatv0As7qnsnKmoJKRdQ2ObhM9wT4SBWFGbf 9YryZMsiEYdZhoiKemkMjE3s9aJNP47YPgPAwZPuv5yLrlHuPLjNn81Hg g==; X-CSE-ConnectionGUID: dyjM1hDKS8K6p0eVhk2N5g== X-CSE-MsgGUID: Hip3REyuRnePVHbYt5BzZA== X-IronPort-AV: E=McAfee;i="6700,10204,11314"; a="36275267" X-IronPort-AV: E=Sophos;i="6.12,310,1728975600"; d="scan'208";a="36275267" Received: from fmviesa008.fm.intel.com ([10.60.135.148]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Jan 2025 09:10:28 -0800 X-CSE-ConnectionGUID: MrkZhAaGQ26e/1wIvtdQsg== X-CSE-MsgGUID: 2TcoGYFCToSHXGmKUIFvbA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,310,1728975600"; d="scan'208";a="104721613" Received: from unknown (HELO silpixa00400886.ir.intel.com) ([10.243.22.139]) by fmviesa008.fm.intel.com with ESMTP; 13 Jan 2025 09:10:25 -0800 From: Brian Dooley To: Cc: dev@dpdk.org, gakhil@marvell.com, kai.ji@intel.com, pablo.de.lara.guarch@intel.com, Brian Dooley Subject: [PATCH v3 1/2] crypto/ipsec_mb: add SM4 GCM support Date: Mon, 13 Jan 2025 17:10:21 +0000 Message-Id: <20250113171022.1649181-1-brian.dooley@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241213125850.2714328-1-brian.dooley@intel.com> References: <20241213125850.2714328-1-brian.dooley@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD. SM4 GCM is available in the v2.0 release of Intel IPsec MB. Signed-off-by: Brian Dooley --- v2: Added aad to cpu job params Added ipsec mb version checks v3: Fix naming for patchwork --- doc/guides/cryptodevs/aesni_mb.rst | 1 + doc/guides/cryptodevs/features/aesni_mb.ini | 1 + doc/guides/cryptodevs/features/default.ini | 2 + doc/guides/rel_notes/release_25_03.rst | 4 ++ drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 54 ++++++++++++++++++++- drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 30 ++++++++++++ lib/cryptodev/rte_crypto_sym.h | 4 +- lib/cryptodev/rte_cryptodev.c | 3 +- 8 files changed, 95 insertions(+), 4 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 16d82147b2..8d7e221e79 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -67,6 +67,7 @@ AEAD algorithms: * RTE_CRYPTO_AEAD_AES_CCM * RTE_CRYPTO_AEAD_AES_GCM * RTE_CRYPTO_AEAD_CHACHA20_POLY1305 +* RTE_CRYPTO_AEAD_SM4_GCM Protocol offloads: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index ebe00d075d..c648be62fb 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -80,6 +80,7 @@ AES GCM (128) = Y AES GCM (192) = Y AES GCM (256) = Y CHACHA20-POLY1305 = Y +SM4 GCM = Y ; ; Supported Asymmetric algorithms of the 'aesni_mb' crypto driver. ; diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini index 592af48026..116ffce249 100644 --- a/doc/guides/cryptodevs/features/default.ini +++ b/doc/guides/cryptodevs/features/default.ini @@ -118,6 +118,8 @@ AES CCM (128) = AES CCM (192) = AES CCM (256) = CHACHA20-POLY1305 = +SM4 GCM = + ; ; Supported Asymmetric algorithms of a default crypto driver. ; diff --git a/doc/guides/rel_notes/release_25_03.rst b/doc/guides/rel_notes/release_25_03.rst index 426dfcd982..6f2b0bb5cb 100644 --- a/doc/guides/rel_notes/release_25_03.rst +++ b/doc/guides/rel_notes/release_25_03.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +**Updated IPsec_MB crypto driver.** + + * Added support for the SM4 GCM algorithm. + Removed Items ------------- diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index 05dc1a039f..8b54e4a602 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -20,7 +20,11 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode) { return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 || hash_alg == IMB_AUTH_AES_CCM || - cipher_mode == IMB_CIPHER_GCM); + cipher_mode == IMB_CIPHER_GCM +#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM + || cipher_mode == IMB_CIPHER_SM4_GCM +#endif + ); } /** Set session authentication parameters */ @@ -602,7 +606,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr, } static int -aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr, +aesni_mb_set_session_aead_parameters(IMB_MGR *mb_mgr, struct aesni_mb_session *sess, const struct rte_crypto_sym_xform *xform) { @@ -720,6 +724,22 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr, return -EINVAL; } break; +#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM + case RTE_CRYPTO_AEAD_SM4_GCM: + sess->template_job.cipher_mode = IMB_CIPHER_SM4_GCM; + sess->template_job.hash_alg = IMB_AUTH_SM4_GCM; + sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length; + + if (xform->aead.key.length != 16) { + IPSEC_MB_LOG(ERR, "Invalid key length"); + return -EINVAL; + } + sess->template_job.key_len_in_bytes = 16; + imb_sm4_gcm_pre(mb_mgr, xform->aead.key.data, &sess->cipher.gcm_key); + sess->template_job.enc_keys = &sess->cipher.gcm_key; + sess->template_job.dec_keys = &sess->cipher.gcm_key; + break; +#endif default: IPSEC_MB_LOG(ERR, "Unsupported aead mode parameter"); return -ENOTSUP; @@ -1037,6 +1057,13 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session, case IMB_AUTH_CHACHA20_POLY1305: job->u.CHACHA20_POLY1305.aad = aad->va; break; + +#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM + case IMB_AUTH_SM4_GCM: + job->u.GCM.aad = aad->va; + break; +#endif + default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1559,6 +1586,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, imb_set_session(mb_mgr, job); } break; +#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM + case IMB_AUTH_SM4_GCM: + job->u.GCM.aad = op->sym->aead.aad.data; + break; +#endif default: break; } @@ -1687,6 +1719,19 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; +#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM + case IMB_AUTH_SM4_GCM: + job->hash_start_src_offset_in_bytes = 0; + /* + * Adding offset here as there is a bug in the ipsec mb library + */ + job->src += op->sym->aead.data.offset; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->iv.offset); + break; +#endif default: job->hash_start_src_offset_in_bytes = auth_start_offset(op, @@ -1732,6 +1777,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, job->msg_len_to_cipher_in_bytes = 0; job->cipher_start_src_offset_in_bytes = 0; break; +#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM + case IMB_CIPHER_SM4_GCM: + job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; + break; +#endif default: job->cipher_start_src_offset_in_bytes = op->sym->cipher.data.offset; diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h index 468a1f35eb..bdb9ad815b 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h @@ -826,6 +826,36 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = { }, } }, } }, + { /* SM4 GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_SM4_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0, + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0, + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1, + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0, + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h index 505356ff44..b47e52f63b 100644 --- a/lib/cryptodev/rte_crypto_sym.h +++ b/lib/cryptodev/rte_crypto_sym.h @@ -482,8 +482,10 @@ enum rte_crypto_aead_algorithm { /**< AES algorithm in CCM mode. */ RTE_CRYPTO_AEAD_AES_GCM, /**< AES algorithm in GCM mode. */ - RTE_CRYPTO_AEAD_CHACHA20_POLY1305 + RTE_CRYPTO_AEAD_CHACHA20_POLY1305, /**< Chacha20 cipher with poly1305 authenticator */ + RTE_CRYPTO_AEAD_SM4_GCM + /**< SM4 cipher with GCM mode */ }; /** Symmetric AEAD Operations */ diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index a49b0662f3..7b5236ad41 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -168,7 +168,8 @@ static const char * crypto_aead_algorithm_strings[] = { [RTE_CRYPTO_AEAD_AES_CCM] = "aes-ccm", [RTE_CRYPTO_AEAD_AES_GCM] = "aes-gcm", - [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305" + [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305", + [RTE_CRYPTO_AEAD_SM4_GCM] = "sm4-gcm" }; -- 2.25.1