From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 24255A034F; Tue, 7 Dec 2021 07:53:54 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2068F41238; Tue, 7 Dec 2021 07:53:33 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id C924B411E6 for ; Tue, 7 Dec 2021 07:53:31 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B76pJwA018306 for ; Mon, 6 Dec 2021 22:53:31 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=BzIvzfKNZsJHkujVIrPwKrUh46z+w5r25RHzSyzdUao=; b=GMeTDDH1I2mvy6i491phSa4T5MFUNWvPqpVOlz3S11+B3Xhej+6NN+6W8Y2mzy6BSm02 LEmISmkqMVKNUFNvVmayqSdYZQfRdV6jROA7lzf9YsvHyIipZ5sxJV/SgjEYisRSgPE8 XDN33E5ZH8EMZL/SrkM6ET1+GQJNUsu3mPHf8iZPZEdDhpZkq3mh6+gmRNQU0VeYlaWC wnfZawvOY2BqFsdeszhoNK1G/B0bqQkzpxAdizRolWKPkMAyPsFtA2ix6rS64sN1dWnX 7i6/n04/11q/hR0g2ao/MnVYF50UXK3HSz9xYdJv9YaeJK+OrZq1IaXOT97INpdybIFJ Eg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3ct2q900aq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Mon, 06 Dec 2021 22:53:30 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Dec 2021 22:53:29 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 6 Dec 2021 22:53:29 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 3A9623F7071; Mon, 6 Dec 2021 22:53:26 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 25/25] crypto/cnxk: add aes cmac Date: Tue, 7 Dec 2021 12:20:58 +0530 Message-ID: <1638859858-734-26-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1638859858-734-1-git-send-email-anoobj@marvell.com> References: <1638859858-734-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: 4-64aMrVdT3j3mZxzBeSGxeraHL9807u X-Proofpoint-ORIG-GUID: 4-64aMrVdT3j3mZxzBeSGxeraHL9807u X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-07_02,2021-12-06_02,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add support for AES CMAC auth algorithm. Signed-off-by: Anoob Joseph --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/cryptodevs/features/cn10k.ini | 37 +++++++------- doc/guides/cryptodevs/features/cn9k.ini | 37 +++++++------- doc/guides/rel_notes/release_22_03.rst | 1 + drivers/common/cnxk/roc_se.h | 8 +-- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20 ++++++++ drivers/crypto/cnxk/cnxk_se.h | 60 ++++++++++++++--------- 7 files changed, 103 insertions(+), 61 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 6e844f5..3c58517 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -61,6 +61,7 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2`` * ``RTE_CRYPTO_AUTH_ZUC_EIA3`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini index ab21d9d..c8193c2 100644 --- a/doc/guides/cryptodevs/features/cn10k.ini +++ b/doc/guides/cryptodevs/features/cn10k.ini @@ -41,23 +41,26 @@ ZUC EEA3 = Y ; Supported authentication algorithms of 'cn10k' crypto driver. ; [Auth] -NULL = Y -AES GMAC = Y -KASUMI F9 = Y -MD5 = Y -MD5 HMAC = Y -SHA1 = Y -SHA1 HMAC = Y -SHA224 = Y -SHA224 HMAC = Y -SHA256 = Y -SHA256 HMAC = Y -SHA384 = Y -SHA384 HMAC = Y -SHA512 = Y -SHA512 HMAC = Y -SNOW3G UIA2 = Y -ZUC EIA3 = Y +NULL = Y +AES GMAC = Y +KASUMI F9 = Y +MD5 = Y +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +SNOW3G UIA2 = Y +ZUC EIA3 = Y +AES CMAC (128) = Y +AES CMAC (192) = Y +AES CMAC (256) = Y ; ; Supported AEAD algorithms of 'cn10k' crypto driver. diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini index d834659..f215ee0 100644 --- a/doc/guides/cryptodevs/features/cn9k.ini +++ b/doc/guides/cryptodevs/features/cn9k.ini @@ -40,23 +40,26 @@ ZUC EEA3 = Y ; Supported authentication algorithms of 'cn9k' crypto driver. ; [Auth] -NULL = Y -AES GMAC = Y -KASUMI F9 = Y -MD5 = Y -MD5 HMAC = Y -SHA1 = Y -SHA1 HMAC = Y -SHA224 = Y -SHA224 HMAC = Y -SHA256 = Y -SHA256 HMAC = Y -SHA384 = Y -SHA384 HMAC = Y -SHA512 = Y -SHA512 HMAC = Y -SNOW3G UIA2 = Y -ZUC EIA3 = Y +NULL = Y +AES GMAC = Y +KASUMI F9 = Y +MD5 = Y +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +SNOW3G UIA2 = Y +ZUC EIA3 = Y +AES CMAC (128) = Y +AES CMAC (192) = Y +AES CMAC (256) = Y ; ; Supported AEAD algorithms of 'cn9k' crypto driver. diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index e8fec00..72e758e 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -63,6 +63,7 @@ New Features * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K. * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K. * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K. + * Added AES-CMAC support in CN9K & CN10K. Removed Items diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index 253575a..145a182 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -11,10 +11,10 @@ #define ROC_SE_FC_MINOR_OP_DECRYPT 0x1 #define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10 -#define ROC_SE_MAJOR_OP_HASH 0x34 -#define ROC_SE_MAJOR_OP_HMAC 0x35 -#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37 -#define ROC_SE_MAJOR_OP_KASUMI 0x38 +#define ROC_SE_MAJOR_OP_HASH 0x34 +#define ROC_SE_MAJOR_OP_HMAC 0x35 +#define ROC_SE_MAJOR_OP_PDCP 0x37 +#define ROC_SE_MAJOR_OP_KASUMI 0x38 #define ROC_SE_MAJOR_OP_MISC 0x01 #define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03 diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 69ee0d9..457e166 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[] = { }, } }, } }, + { /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + }, } + }, } + }, }; static const struct rte_cryptodev_capabilities caps_kasumi[] = { diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index a8cd2c5..e988d57 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -73,11 +73,15 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type, for (j = 0; j < 4; j++) iv_temp[j] = iv_s_temp[3 - j]; memcpy(iv_d, iv_temp, 16); - } else { + } else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) { /* ZUC doesn't need a swap */ memcpy(iv_d, iv_s, 16); if (pack_iv) cpt_pack_iv(iv_s, iv_d); + } else { + /* AES-CMAC EIA2, microcode expects 16B zeroized IV */ + for (j = 0; j < 4; j++) + iv_d[j] = 0; } } @@ -992,8 +996,8 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, } static __rte_always_inline int -cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, - struct roc_se_fc_params *params, struct cpt_inst_s *inst) +cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, + struct roc_se_fc_params *params, struct cpt_inst_s *inst) { uint32_t size; int32_t inputlen, outputlen; @@ -1014,33 +1018,43 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, mac_len = se_ctx->mac_len; pdcp_alg_type = se_ctx->pdcp_alg_type; - cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_ZUC_SNOW3G; - + cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP; cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor; if (flags == 0x1) { iv_s = params->auth_iv_buf; - iv_len = params->auth_iv_len; - - if (iv_len == 25) { - iv_len -= 2; - pack_iv = 1; - } /* * Microcode expects offsets in bytes * TODO: Rounding off */ auth_data_len = ROC_SE_AUTH_DLEN(d_lens); - - /* EIA3 or UIA2 */ auth_offset = ROC_SE_AUTH_OFFSET(d_offs); - auth_offset = auth_offset / 8; - /* consider iv len */ - auth_offset += iv_len; + if (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) { + iv_len = params->auth_iv_len; + + if (iv_len == 25) { + iv_len -= 2; + pack_iv = 1; + } + + auth_offset = auth_offset / 8; + + /* consider iv len */ + auth_offset += iv_len; + + inputlen = + auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8); + } else { + iv_len = 16; + + /* consider iv len */ + auth_offset += iv_len; + + inputlen = auth_offset + auth_data_len; + } - inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8); outputlen = mac_len; offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset); @@ -1056,7 +1070,6 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, pack_iv = 1; } - /* EEA3 or UEA2 */ /* * Microcode expects offsets in bytes * TODO: Rounding off @@ -1589,8 +1602,7 @@ cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, if (likely(fc_type == ROC_SE_FC_GEN)) { ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_PDCP) { - ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params, - inst); + ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_KASUMI) { ret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst); } @@ -1618,8 +1630,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, if (likely(fc_type == ROC_SE_FC_GEN)) { ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_PDCP) { - ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params, - inst); + ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_KASUMI) { ret = cpt_kasumi_enc_prep(flags, d_offs, d_lens, fc_params, inst); @@ -1883,8 +1894,11 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) auth_type = 0; is_null = 1; break; - case RTE_CRYPTO_AUTH_AES_XCBC_MAC: case RTE_CRYPTO_AUTH_AES_CMAC: + auth_type = ROC_SE_AES_CMAC_EIA2; + zsk_flag = ROC_SE_ZS_IA; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: case RTE_CRYPTO_AUTH_AES_CBC_MAC: plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo); return -1; -- 2.7.4