From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id D9083A04B5; Fri, 11 Sep 2020 13:19:20 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id CC3441BFCD; Fri, 11 Sep 2020 13:19:19 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id 6990B1B9B7 for ; Fri, 11 Sep 2020 13:19:17 +0200 (CEST) IronPort-SDR: wqNYqCPRUWWzUmr+lRfWfOrSf/4LFJv6yfsiun3VHIphJOjm1LAqKtNyuYXUkN/M2DRHkEgUbK Zc24bMOTjRaA== X-IronPort-AV: E=McAfee;i="6000,8403,9740"; a="138252063" X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="138252063" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Sep 2020 04:19:14 -0700 IronPort-SDR: IlosNOEAZ4EaIdO1hyo1huCi21jCWdUmQHCuhtwhStUkXYrxKotELyeNuaP/D+1HJr1e/2c9D0 xwIynSqq8imw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="481289111" Received: from silpixa00399593.ir.intel.com (HELO silpixa00399593.ger.corp.intel.com) ([10.237.223.27]) by orsmga005.jf.intel.com with ESMTP; 11 Sep 2020 04:19:12 -0700 From: Pablo de Lara To: dev@dpdk.org Cc: Pablo de Lara Date: Fri, 11 Sep 2020 11:18:59 +0000 Message-Id: <20200911111901.2664106-1-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Signed-off-by: Pablo de Lara --- doc/guides/cryptodevs/aesni_mb.rst | 36 ++--- doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 4 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 127 ++++++++++-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 60 ++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 47 +++++++ 6 files changed, 204 insertions(+), 72 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 15388d20a..0cb58bfe5 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -32,23 +32,25 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_CBC * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI - -Hash algorithms: - -* RTE_CRYPTO_HASH_MD5_HMAC -* RTE_CRYPTO_HASH_SHA1_HMAC -* RTE_CRYPTO_HASH_SHA224_HMAC -* RTE_CRYPTO_HASH_SHA256_HMAC -* RTE_CRYPTO_HASH_SHA384_HMAC -* RTE_CRYPTO_HASH_SHA512_HMAC -* RTE_CRYPTO_HASH_AES_XCBC_HMAC -* RTE_CRYPTO_HASH_AES_CMAC -* RTE_CRYPTO_HASH_AES_GMAC -* RTE_CRYPTO_HASH_SHA1 -* RTE_CRYPTO_HASH_SHA224 -* RTE_CRYPTO_HASH_SHA256 -* RTE_CRYPTO_HASH_SHA384 -* RTE_CRYPTO_HASH_SHA512 +* RTE_CRYPTO_CIPHER_ZUC_EEA3 + +Authentication algorithms: + +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 38d255aff..47210333c 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -30,6 +30,7 @@ AES DOCSIS BPI = Y DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y +ZUC EEA3 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -49,6 +50,7 @@ SHA512 HMAC = Y AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y +ZUC EIA3 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index df227a177..1dc822cb7 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated the AESNI MB crypto PMD.** + + * Added support for ZUC-EEA3/EIA3 algorithms. + Removed Items ------------- diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..5dd94a87a 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver; /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 static const unsigned auth_blocksize[] = { - [NULL_HASH] = 0, - [MD5] = 64, - [SHA1] = 64, - [SHA_224] = 64, - [SHA_256] = 64, - [SHA_384] = 128, - [SHA_512] = 128, - [AES_XCBC] = 16, - [AES_CCM] = 16, - [AES_CMAC] = 16, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 64, - [PLAIN_SHA_224] = 64, - [PLAIN_SHA_256] = 64, - [PLAIN_SHA_384] = 128, - [PLAIN_SHA_512] = 128 + [NULL_HASH] = 0, + [MD5] = 64, + [SHA1] = 64, + [SHA_224] = 64, + [SHA_256] = 64, + [SHA_384] = 128, + [SHA_512] = 128, + [AES_XCBC] = 16, + [AES_CCM] = 16, + [AES_CMAC] = 16, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 64, + [PLAIN_SHA_224] = 64, + [PLAIN_SHA_256] = 64, + [PLAIN_SHA_384] = 128, + [PLAIN_SHA_512] = 128, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 +#endif }; /** @@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo) } static const unsigned auth_truncated_digest_byte_lengths[] = { - [MD5] = 12, - [SHA1] = 12, - [SHA_224] = 14, - [SHA_256] = 16, - [SHA_384] = 24, - [SHA_512] = 32, - [AES_XCBC] = 12, - [AES_CMAC] = 12, - [AES_CCM] = 8, - [NULL_HASH] = 0, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 12, + [SHA1] = 12, + [SHA_224] = 14, + [SHA_256] = 16, + [SHA_384] = 24, + [SHA_512] = 32, + [AES_XCBC] = 12, + [AES_CMAC] = 12, + [AES_CCM] = 8, + [NULL_HASH] = 0, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif }; /** @@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo) } static const unsigned auth_digest_byte_lengths[] = { - [MD5] = 16, - [SHA1] = 20, - [SHA_224] = 28, - [SHA_256] = 32, - [SHA_384] = 48, - [SHA_512] = 64, - [AES_XCBC] = 16, - [AES_CMAC] = 16, - [AES_CCM] = 16, - [AES_GMAC] = 12, - [NULL_HASH] = 0, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 16, + [SHA1] = 20, + [SHA_224] = 28, + [SHA_256] = 32, + [SHA_384] = 48, + [SHA_512] = 64, + [AES_XCBC] = 16, + [AES_CMAC] = 16, + [AES_CCM] = 16, + [AES_GMAC] = 12, + [NULL_HASH] = 0, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; @@ -189,6 +198,10 @@ struct aesni_mb_session { uint16_t length; uint16_t offset; } iv; + struct { + uint16_t length; + uint16_t offset; + } auth_iv; /**< IV parameters */ /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns; @@ -209,19 +222,23 @@ struct aesni_mb_session { uint32_t decode[60] __rte_aligned(16); /**< decode key */ } expanded_aes_keys; + /**< Expanded AES keys - Allocating space to + * contain the maximum expanded key size which + * is 240 bytes for 256 bit AES, calculate by: + * ((key size (bytes)) * + * ((number of rounds) + 1)) + */ struct { const void *ks_ptr[3]; uint64_t key[3][16]; } exp_3des_keys; + /**< Expanded 3DES keys */ struct gcm_key_data gcm_key; + /**< Expanded GCM key */ + uint8_t zuc_cipher_key[16]; + /**< ZUC cipher key */ }; - /**< Expanded AES keys - Allocating space to - * contain the maximum expanded key size which - * is 240 bytes for 256 bit AES, calculate by: - * ((key size (bytes)) * - * ((number of rounds) + 1)) - */ } cipher; /** Authentication Parameters */ @@ -260,6 +277,8 @@ struct aesni_mb_session { /**< k3. */ } cmac; /**< Expanded XCBC authentication keys */ + uint8_t zuc_auth_key[16]; + /**< ZUC authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 1bddbcf74..cdc33415a 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return -1; } + /* Set IV parameters */ + sess->auth_iv.offset = xform->auth.iv.offset; + sess->auth_iv.length = xform->auth.iv.length; + /* Set the request digest size */ sess->auth.req_digest_len = xform->auth.digest_length; @@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) { + sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN; + uint16_t zuc_eia3_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN); + if (sess->auth.req_digest_len != zuc_eia3_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); + return 0; + } +#endif + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_aes = 0; uint8_t is_3DES = 0; uint8_t is_docsis = 0; +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + uint8_t is_zuc = 0; +#endif if (xform == NULL) { sess->cipher.mode = NULL_CIPHER; @@ -429,6 +452,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = DES3; is_3DES = 1; break; +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; + is_zuc = 1; + break; +#endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -527,6 +556,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, } sess->cipher.key_length_in_bytes = 24; +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + } else if (is_zuc) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, + 16); +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -693,6 +732,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, /* Default IV length = 0 */ sess->iv.length = 0; + sess->auth_iv.length = 0; ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform); if (ret != 0) { @@ -1168,7 +1208,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; - +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + case IMB_AUTH_ZUC_EIA3_BITLEN: + job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; + job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; +#endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer; @@ -1186,6 +1232,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { + job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; + job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } +#endif + if (!op->sym->m_dst) { /* in-place operation */ m_dst = m_src; @@ -1286,6 +1339,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) + job->msg_len_to_cipher_in_bytes >>= 3; +#endif + /* Set user data to be crypto operation data struct */ job->user_data = op; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..487db6330 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -497,6 +497,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + { /* ZUC (EIA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC (EEA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, +#endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1