DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC
@ 2021-01-07 10:54 Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
                   ` (4 more replies)
  0 siblings, 5 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-07 10:54 UTC (permalink / raw)
  To: dev, akhil.goyal; +Cc: Barry Cao, Hemant Agrawal

From: Akhil Goyal <akhil.goyal@nxp.com>

This patch add support for AES-XCBC-MAC for following cases
- AES-XCBC-MAC auth only
- AES-CBC/CTR + AES-XCBC-MAC (non-proto)
- AES-CBC/CTR + AES-XCBC-MAC (protocol offload)
- DES-CBC + AES-XCBC-MAC (non-proto)
- 3DES-CBC + AES-XCBC-MAC (non-proto)

Signed-off-by: Barry Cao <barry.cao@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/cryptodevs/dpaa2_sec.rst           |  1 +
 doc/guides/cryptodevs/features/dpaa2_sec.ini  |  1 +
 drivers/common/dpaax/caamflib/desc/algo.h     | 63 +++++++++++++++++++
 drivers/common/dpaax/caamflib/desc/ipsec.h    | 18 ++++--
 .../common/dpaax/caamflib/rta/operation_cmd.h |  6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   | 20 +++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     | 21 +++++++
 7 files changed, 123 insertions(+), 7 deletions(-)

diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 83565d7175..275ccf28de 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -121,6 +121,7 @@ Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA384_HMAC``
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 02c1bf4185..9828d1528e 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -46,6 +46,7 @@ SHA384 HMAC  = Y
 SHA512       = Y
 SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
+AES XCBC MAC = Y
 ZUC EIA3     = Y
 
 ;
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index 41cac5abd0..cf43d9c14c 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -873,4 +873,67 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
 	return PROGRAM_FINALIZE(p);
 }
 
+/**
+ * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * @descbuf: pointer to descriptor-under-construction buffer
+ * @ps: if 36/40bit addressing is desired, this parameter must be true
+ * @swap: must be true when core endianness doesn't match SEC endianness
+ * @share: sharing type of shared descriptor
+ * @authdata: pointer to authentication transform definitions;
+ *		   message digest algorithm: OP_ALG_ALGSEL_AES.
+ * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
+ *          is needed for all the packets processed by this shared descriptor
+ * @trunc_len: Length of the truncated ICV to be written in the output buffer,
+ *             0 if no truncation is needed
+ *
+ * Note: There's no support for keys longer than the block size of the
+ * underlying hash function, according to the selected algorithm.
+ *
+ * Return: size of descriptor written in words or negative number on error
+ */
+static inline int
+cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+		enum rta_share_type share,
+		struct alginfo *authdata, uint8_t do_icv,
+		uint8_t trunc_len)
+{
+	struct program prg;
+	struct program *p = &prg;
+	uint8_t opicv, dir;
+
+	opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
+	dir = do_icv ? DIR_DEC : DIR_ENC;
+
+	PROGRAM_CNTXT_INIT(p, descbuf, 0);
+	if (swap)
+		PROGRAM_SET_BSWAP(p);
+	if (ps)
+		PROGRAM_SET_36BIT_ADDR(p);
+	SHR_HDR(p, share, 1, SC);
+
+	KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
+		INLINE_KEY(authdata));
+
+	/* compute sequences */
+	if (opicv == ICV_CHECK_ENABLE)
+		MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
+	else
+		MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
+
+	/* Do operation */
+	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+		OP_ALG_AS_INITFINAL, opicv, dir);
+
+	/* Do load (variable length) */
+	SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
+
+	if (opicv == ICV_CHECK_ENABLE) {
+		LOAD(p, trunc_len, ICV2SZ, 0, 4, IMMED);
+		SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
+	} else
+		SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
+
+	return PROGRAM_FINALIZE(p);
+}
+
 #endif /* __DESC_ALGO_H__ */
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index 83dd93f587..668d21649d 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -865,6 +865,7 @@ cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
  * cnstr_shdsc_ipsec_encap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
  *     AES-XCBC-MAC-96 ESP encapsulation shared descriptor.
  * @descbuf: pointer to buffer used for descriptor construction
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -893,6 +894,7 @@ cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
  */
 static inline int
 cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
+				     enum rta_share_type share,
 				     struct ipsec_encap_pdb *pdb,
 				     struct alginfo *cipherdata,
 				     struct alginfo *authdata)
@@ -914,7 +916,7 @@ cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
 	REFERENCE(write_swapped_seqin_ptr);
 
 	PROGRAM_CNTXT_INIT(p, descbuf, 0);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
 	COPY_DATA(p, pdb->ip_hdr, pdb->ip_hdr_len);
 	SET_LABEL(p, hdr);
@@ -1001,6 +1003,7 @@ cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
  * cnstr_shdsc_ipsec_decap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
  *     AES-XCBC-MAC-96 ESP decapsulation shared descriptor.
  * @descbuf: pointer to buffer used for descriptor construction
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -1030,6 +1033,7 @@ cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
  */
 static inline int
 cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
+				     enum rta_share_type share,
 				     struct ipsec_decap_pdb *pdb,
 				     struct alginfo *cipherdata,
 				     struct alginfo *authdata)
@@ -1057,7 +1061,7 @@ cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
 	REFERENCE(write_swapped_seqout_ptr);
 
 	PROGRAM_CNTXT_INIT(p, descbuf, 0);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
 	SET_LABEL(p, hdr);
 	pkeyjump = JUMP(p, keyjump, LOCAL_JUMP, ALL_TRUE, SHRD | SELF);
@@ -1557,7 +1561,7 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,
 	    cipherdata->keylen, INLINE_KEY(cipherdata));
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
+	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL,
 		      dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
 		      dir);
@@ -1569,7 +1573,13 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,
 
 	SET_LABEL(p, keyjmp);
 
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+	if (authdata->algmode == OP_ALG_AAI_HMAC)
+		ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+		      OP_ALG_AS_INITFINAL,
+		      dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
+		      dir);
+	else
+		ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL,
 		      dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
 		      dir);
diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
index 9a1788c0f9..04732aa3d2 100644
--- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h
+++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
@@ -243,7 +243,11 @@ rta_operation(struct program *program, uint32_t cipher_algo,
 
 	for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
 		if (alg_table[i].chipher_algo == cipher_algo) {
-			opcode |= cipher_algo | alg_table[i].class;
+			if ((aai ==  OP_ALG_AAI_XCBC_MAC) ||
+					(aai == OP_ALG_AAI_CBC_XCBCMAC))
+				opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+			else
+				opcode |= cipher_algo | alg_table[i].class;
 			/* nothing else to verify */
 			if (alg_table[i].aai_func == NULL) {
 				found = 1;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 6ff0d833e9..a7ff5dba92 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2134,8 +2134,17 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 					   !session->dir,
 					   session->digest_length);
 		break;
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+		bufsize = cnstr_shdsc_aes_xcbc_mac(
+					priv->flc_desc[DESC_INITFINAL].desc,
+					1, 0, SHR_NEVER, &authdata,
+					!session->dir,
+					session->digest_length);
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
@@ -2406,6 +2415,10 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+		break;
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -2750,6 +2763,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256;
 		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
+	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		authdata->algtype = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+		authdata->algmode = OP_ALG_AAI_XCBC_MAC;
+		break;
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 		authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
 		break;
@@ -2757,7 +2774,6 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
-	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_SHA1:
 	case RTE_CRYPTO_AUTH_SHA256:
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 26f3d79db4..bbe4ee00da 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -504,6 +504,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES XCBC HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* NULL (CIPHER) */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH 2/5] test/crypto: add AES-XCBC hash only test case
  2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
@ 2021-01-07 10:54 ` Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-07 10:54 UTC (permalink / raw)
  To: dev, akhil.goyal; +Cc: Hemant Agrawal

This patch adds test case for AES-XCBC hash only for
Digest and Digest-verify

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 app/test/test_cryptodev_hash_test_vectors.h | 41 +++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
index e261dfe36c..8b23f011e8 100644
--- a/app/test/test_cryptodev_hash_test_vectors.h
+++ b/app/test/test_cryptodev_hash_test_vectors.h
@@ -352,6 +352,37 @@ cmac_test_vector = {
 	}
 };
 
+static const uint8_t aes_xcbc_mac_plain_text[32] = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+static const struct blockcipher_test_data
+aes_xcbc_mac_test_vector = {
+	.auth_algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+	.ciphertext = {
+		.data = (uint8_t *)&aes_xcbc_mac_plain_text,
+		.len = 32
+	},
+	.auth_key = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+		},
+		.len = 16
+	},
+	.digest = {
+		.data = {
+			0xf5, 0x4f, 0x0e, 0xc8, 0xd2, 0xb9, 0xf3, 0xd3,
+			0x68, 0x07, 0x73, 0x4b, 0xd5, 0x28, 0x3f, 0xd4
+		},
+		.len = 16,
+		.truncated_len = 16
+	}
+};
+
 static const struct blockcipher_test_data
 null_auth_test_vector = {
 	.auth_algo = RTE_CRYPTO_AUTH_NULL,
@@ -576,6 +607,16 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
 		.feature_mask = BLOCKCIPHER_TEST_FEATURE_OOP,
 	},
+	{
+		.test_descr = "AES-XCBC-MAC Digest 16B",
+		.test_data = &aes_xcbc_mac_test_vector,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
+	},
+	{
+		.test_descr = "AES-XCBC-MAC Digest Verify 16B",
+		.test_data = &aes_xcbc_mac_test_vector,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
+	},
 
 };
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing
  2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
@ 2021-01-07 10:54 ` Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-07 10:54 UTC (permalink / raw)
  To: dev, akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

the descriptor sharing needed to be changed for ZUC+ZUC as we
were getting invalid CHA combination error due to sharing
being done on DECOs simultaneously.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index f084cf1de0..659e289a45 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -3282,7 +3282,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
 			SHR_ALWAYS,	/* NULL */
 			SHR_WAIT,	/* SNOW f9 */
 			SHR_WAIT,	/* AES CMAC */
-			SHR_ALWAYS	/* ZUC-I */
+			SHR_WAIT	/* ZUC-I */
 		},
 	};
 	LABEL(pdb_end);
@@ -3485,7 +3485,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
 			SHR_ALWAYS,	/* NULL */
 			SHR_WAIT,	/* SNOW f9 */
 			SHR_WAIT,	/* AES CMAC */
-			SHR_ALWAYS	/* ZUC-I */
+			SHR_WAIT	/* ZUC-I */
 		},
 	};
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check
  2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
@ 2021-01-07 10:54 ` Hemant Agrawal
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-07 10:54 UTC (permalink / raw)
  To: dev, akhil.goyal; +Cc: Hemant Agrawal

This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 doc/guides/cryptodevs/dpaa2_sec.rst           |   1 +
 doc/guides/cryptodevs/features/dpaa2_sec.ini  |   1 +
 drivers/common/dpaax/caamflib/desc/algo.h     |  16 ++-
 drivers/common/dpaax/caamflib/rta.h           |   3 +
 .../common/dpaax/caamflib/rta/operation_cmd.h | 103 +++++++++++++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  39 ++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |  21 ++++
 7 files changed, 171 insertions(+), 13 deletions(-)

diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 275ccf28de..a7fc9cef99 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -122,6 +122,7 @@ Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
 * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 9828d1528e..a1c91821de 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
 AES XCBC MAC = Y
 ZUC EIA3     = Y
+AES CMAC (128) = Y
 
 ;
 ; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver.
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index cf43d9c14c..7f66ee5fd9 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019-2020 NXP
+ * Copyright 2016,2019-2021 NXP
  *
  */
 
@@ -435,13 +435,17 @@ cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
 	    INLINE_KEY(authdata));
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
+	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL, opicv, dir);
 
 	pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
 	SET_LABEL(p, keyjmp);
 
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+	if (authdata->algmode == OP_ALG_AAI_HMAC)
+		ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+		      OP_ALG_AS_INITFINAL, opicv, dir);
+	else
+		ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL, opicv, dir);
 
 	SET_LABEL(p, jmpprecomp);
@@ -874,7 +878,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
 }
 
 /**
- * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * cnstr_shdsc_aes_xx_mac - AES_XCBC_MAC, CMAC cases
  * @descbuf: pointer to descriptor-under-construction buffer
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: must be true when core endianness doesn't match SEC endianness
@@ -892,7 +896,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
  * Return: size of descriptor written in words or negative number on error
  */
 static inline int
-cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+cnstr_shdsc_aes_xx_mac(uint32_t *descbuf, bool ps, bool swap,
 		enum rta_share_type share,
 		struct alginfo *authdata, uint8_t do_icv,
 		uint8_t trunc_len)
@@ -921,7 +925,7 @@ cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
 		MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+	ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode,
 		OP_ALG_AS_INITFINAL, opicv, dir);
 
 	/* Do load (variable length) */
diff --git a/drivers/common/dpaax/caamflib/rta.h b/drivers/common/dpaax/caamflib/rta.h
index c4bbad0b41..e5a736346e 100644
--- a/drivers/common/dpaax/caamflib/rta.h
+++ b/drivers/common/dpaax/caamflib/rta.h
@@ -485,6 +485,9 @@ rta_get_sec_era(void)
 #define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \
 	rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc)
 
+#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \
+	rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc)
+
 /**
  * PROTOCOL - Configures PROTOCOL OPERATION command
  * @program: pointer to struct program
diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
index 04732aa3d2..f341fdcc54 100644
--- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h
+++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2021 NXP
  */
 
 #ifndef __RTA_OPERATION_CMD_H__
@@ -328,6 +328,107 @@ rta_operation(struct program *program, uint32_t cipher_algo,
 	return ret;
 }
 
+/* For non-proto offload CMAC, GMAC etc cases */
+static inline int
+rta_operation2(struct program *program, uint32_t cipher_algo,
+	      uint16_t aai, uint8_t algo_state,
+	      int icv_checking, int enc)
+{
+	uint32_t opcode = CMD_OPERATION;
+	unsigned int i, found = 0;
+	unsigned int start_pc = program->current_pc;
+	int ret;
+
+	for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
+		if (alg_table[i].chipher_algo == cipher_algo) {
+			if ((aai ==  OP_ALG_AAI_XCBC_MAC) ||
+					(aai == OP_ALG_AAI_CBC_XCBCMAC) ||
+					(aai == OP_ALG_AAI_GCM) ||
+					(aai == OP_ALG_AAI_CMAC) ||
+					(aai == OP_ALG_AAI_CBC_CMAC))
+				opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+			else
+				opcode |= cipher_algo | alg_table[i].class;
+			/* nothing else to verify */
+			if (alg_table[i].aai_func == NULL) {
+				found = 1;
+				break;
+			}
+
+			aai &= OP_ALG_AAI_MASK;
+
+			ret = (*alg_table[i].aai_func)(aai);
+			if (ret < 0) {
+				pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n",
+				       program->current_pc);
+				goto err;
+			}
+			opcode |= aai;
+			found = 1;
+			break;
+		}
+	}
+	if (!found) {
+		pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n",
+		       program->current_pc);
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (algo_state) {
+	case OP_ALG_AS_UPDATE:
+	case OP_ALG_AS_INIT:
+	case OP_ALG_AS_FINALIZE:
+	case OP_ALG_AS_INITFINAL:
+		opcode |= algo_state;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (icv_checking) {
+	case ICV_CHECK_DISABLE:
+		/*
+		 * opcode |= OP_ALG_ICV_OFF;
+		 * OP_ALG_ICV_OFF is 0
+		 */
+		break;
+	case ICV_CHECK_ENABLE:
+		opcode |= OP_ALG_ICV_ON;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (enc) {
+	case DIR_DEC:
+		/*
+		 * opcode |= OP_ALG_DECRYPT;
+		 * OP_ALG_DECRYPT is 0
+		 */
+		break;
+	case DIR_ENC:
+		opcode |= OP_ALG_ENCRYPT;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	__rta_out32(program, opcode);
+	program->current_instruction++;
+	return (int)start_pc;
+
+ err:
+	program->first_error_pc = start_pc;
+	return ret;
+}
+
 /*
  * OPERATION PKHA routines
  */
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a7ff5dba92..aeb77d8c7d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  *   Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -2138,15 +2138,33 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 		authdata.algtype = OP_ALG_ALGSEL_AES;
 		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
 		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
-		bufsize = cnstr_shdsc_aes_xcbc_mac(
+		bufsize = cnstr_shdsc_aes_xx_mac(
 					priv->flc_desc[DESC_INITFINAL].desc,
 					1, 0, SHR_NEVER, &authdata,
 					!session->dir,
 					session->digest_length);
 		break;
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		bufsize = cnstr_shdsc_aes_xx_mac(
+					   priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC;
+		bufsize = cnstr_shdsc_aes_xx_mac(
+					   priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_NULL:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
@@ -2419,6 +2437,17 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
 		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
 		break;
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		break;
+	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC;
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -2427,10 +2456,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
-	case RTE_CRYPTO_AUTH_AES_CMAC:
-	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_ZUC_EIA3:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
 			      auth_xform->algo);
@@ -2769,6 +2795,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		break;
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 		authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
+		authdata->algmode = OP_ALG_AAI_CCM;
 		break;
 	case RTE_CRYPTO_AUTH_NULL:
 		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index bbe4ee00da..a537298473 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -525,6 +525,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 16,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* NULL (CIPHER) */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: reduce the log on queue closure
  2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
                   ` (2 preceding siblings ...)
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-01-07 10:54 ` Hemant Agrawal
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-07 10:54 UTC (permalink / raw)
  To: dev, akhil.goyal; +Cc: Hemant Agrawal

if for some reason the queue is not close properly,
specially in test cases.
The QUEUE retire prints are flooding the screen.
They are not really required as WARNING.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 44c742738f..a4c4b094bb 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2283,7 +2283,7 @@ dpaa_sec_detach_rxq(struct dpaa_sec_dev_private *qi, struct qman_fq *fq)
 	for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
 		if (&qi->inq[i] == fq) {
 			if (qman_retire_fq(fq, NULL) != 0)
-				DPAA_SEC_WARN("Queue is not retired\n");
+				DPAA_SEC_DEBUG("Queue is not retired\n");
 			qman_oos_fq(fq);
 			qi->inq_attach[i] = 0;
 			return 0;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC
  2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
                   ` (3 preceding siblings ...)
  2021-01-07 10:54 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
@ 2021-01-14  7:04 ` Hemant Agrawal
  2021-01-14  7:04   ` [dpdk-dev] [PATCH v2 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
                     ` (4 more replies)
  4 siblings, 5 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-14  7:04 UTC (permalink / raw)
  To: dev, akhil.goyal; +Cc: Barry Cao

From: Akhil Goyal <akhil.goyal@nxp.com>

This patch add support for AES-XCBC-MAC for following cases
- AES-XCBC-MAC auth only
- AES-CBC/CTR + AES-XCBC-MAC (non-proto)
- AES-CBC/CTR + AES-XCBC-MAC (protocol offload)
- DES-CBC + AES-XCBC-MAC (non-proto)
- 3DES-CBC + AES-XCBC-MAC (non-proto)

Signed-off-by: Barry Cao <barry.cao@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/cryptodevs/dpaa2_sec.rst           |  1 +
 doc/guides/cryptodevs/features/dpaa2_sec.ini  |  1 +
 drivers/common/dpaax/caamflib/desc/algo.h     | 63 +++++++++++++++++++
 drivers/common/dpaax/caamflib/desc/ipsec.h    | 18 ++++--
 .../common/dpaax/caamflib/rta/operation_cmd.h |  6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   | 20 +++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     | 22 +++++++
 7 files changed, 124 insertions(+), 7 deletions(-)

diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 83565d7175..275ccf28de 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -121,6 +121,7 @@ Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA384_HMAC``
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 02c1bf4185..9828d1528e 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -46,6 +46,7 @@ SHA384 HMAC  = Y
 SHA512       = Y
 SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
+AES XCBC MAC = Y
 ZUC EIA3     = Y
 
 ;
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index 41cac5abd0..cf43d9c14c 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -873,4 +873,67 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
 	return PROGRAM_FINALIZE(p);
 }
 
+/**
+ * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * @descbuf: pointer to descriptor-under-construction buffer
+ * @ps: if 36/40bit addressing is desired, this parameter must be true
+ * @swap: must be true when core endianness doesn't match SEC endianness
+ * @share: sharing type of shared descriptor
+ * @authdata: pointer to authentication transform definitions;
+ *		   message digest algorithm: OP_ALG_ALGSEL_AES.
+ * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
+ *          is needed for all the packets processed by this shared descriptor
+ * @trunc_len: Length of the truncated ICV to be written in the output buffer,
+ *             0 if no truncation is needed
+ *
+ * Note: There's no support for keys longer than the block size of the
+ * underlying hash function, according to the selected algorithm.
+ *
+ * Return: size of descriptor written in words or negative number on error
+ */
+static inline int
+cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+		enum rta_share_type share,
+		struct alginfo *authdata, uint8_t do_icv,
+		uint8_t trunc_len)
+{
+	struct program prg;
+	struct program *p = &prg;
+	uint8_t opicv, dir;
+
+	opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
+	dir = do_icv ? DIR_DEC : DIR_ENC;
+
+	PROGRAM_CNTXT_INIT(p, descbuf, 0);
+	if (swap)
+		PROGRAM_SET_BSWAP(p);
+	if (ps)
+		PROGRAM_SET_36BIT_ADDR(p);
+	SHR_HDR(p, share, 1, SC);
+
+	KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
+		INLINE_KEY(authdata));
+
+	/* compute sequences */
+	if (opicv == ICV_CHECK_ENABLE)
+		MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
+	else
+		MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
+
+	/* Do operation */
+	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+		OP_ALG_AS_INITFINAL, opicv, dir);
+
+	/* Do load (variable length) */
+	SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
+
+	if (opicv == ICV_CHECK_ENABLE) {
+		LOAD(p, trunc_len, ICV2SZ, 0, 4, IMMED);
+		SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
+	} else
+		SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
+
+	return PROGRAM_FINALIZE(p);
+}
+
 #endif /* __DESC_ALGO_H__ */
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index 83dd93f587..668d21649d 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -865,6 +865,7 @@ cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
  * cnstr_shdsc_ipsec_encap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
  *     AES-XCBC-MAC-96 ESP encapsulation shared descriptor.
  * @descbuf: pointer to buffer used for descriptor construction
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -893,6 +894,7 @@ cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
  */
 static inline int
 cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
+				     enum rta_share_type share,
 				     struct ipsec_encap_pdb *pdb,
 				     struct alginfo *cipherdata,
 				     struct alginfo *authdata)
@@ -914,7 +916,7 @@ cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
 	REFERENCE(write_swapped_seqin_ptr);
 
 	PROGRAM_CNTXT_INIT(p, descbuf, 0);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
 	COPY_DATA(p, pdb->ip_hdr, pdb->ip_hdr_len);
 	SET_LABEL(p, hdr);
@@ -1001,6 +1003,7 @@ cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
  * cnstr_shdsc_ipsec_decap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
  *     AES-XCBC-MAC-96 ESP decapsulation shared descriptor.
  * @descbuf: pointer to buffer used for descriptor construction
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -1030,6 +1033,7 @@ cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
  */
 static inline int
 cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
+				     enum rta_share_type share,
 				     struct ipsec_decap_pdb *pdb,
 				     struct alginfo *cipherdata,
 				     struct alginfo *authdata)
@@ -1057,7 +1061,7 @@ cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
 	REFERENCE(write_swapped_seqout_ptr);
 
 	PROGRAM_CNTXT_INIT(p, descbuf, 0);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
 	SET_LABEL(p, hdr);
 	pkeyjump = JUMP(p, keyjump, LOCAL_JUMP, ALL_TRUE, SHRD | SELF);
@@ -1557,7 +1561,7 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,
 	    cipherdata->keylen, INLINE_KEY(cipherdata));
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
+	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL,
 		      dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
 		      dir);
@@ -1569,7 +1573,13 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,
 
 	SET_LABEL(p, keyjmp);
 
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+	if (authdata->algmode == OP_ALG_AAI_HMAC)
+		ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+		      OP_ALG_AS_INITFINAL,
+		      dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
+		      dir);
+	else
+		ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL,
 		      dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
 		      dir);
diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
index 9a1788c0f9..04732aa3d2 100644
--- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h
+++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
@@ -243,7 +243,11 @@ rta_operation(struct program *program, uint32_t cipher_algo,
 
 	for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
 		if (alg_table[i].chipher_algo == cipher_algo) {
-			opcode |= cipher_algo | alg_table[i].class;
+			if ((aai ==  OP_ALG_AAI_XCBC_MAC) ||
+					(aai == OP_ALG_AAI_CBC_XCBCMAC))
+				opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+			else
+				opcode |= cipher_algo | alg_table[i].class;
 			/* nothing else to verify */
 			if (alg_table[i].aai_func == NULL) {
 				found = 1;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 6ff0d833e9..a7ff5dba92 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2134,8 +2134,17 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 					   !session->dir,
 					   session->digest_length);
 		break;
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+		bufsize = cnstr_shdsc_aes_xcbc_mac(
+					priv->flc_desc[DESC_INITFINAL].desc,
+					1, 0, SHR_NEVER, &authdata,
+					!session->dir,
+					session->digest_length);
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
@@ -2406,6 +2415,10 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+		break;
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -2750,6 +2763,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256;
 		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
+	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		authdata->algtype = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+		authdata->algmode = OP_ALG_AAI_XCBC_MAC;
+		break;
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 		authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
 		break;
@@ -2757,7 +2774,6 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
-	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_SHA1:
 	case RTE_CRYPTO_AUTH_SHA256:
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 26f3d79db4..35cf5b5dad 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -504,6 +504,28 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES XCBC HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 1,
+					.max = 16,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 12,
+					.max = 16,
+					.increment = 4
+				},
+				.aad_size = { 0 },
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* NULL (CIPHER) */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH v2 2/5] test/crypto: add AES-XCBC hash only test case
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
@ 2021-01-14  7:04   ` Hemant Agrawal
  2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
                     ` (3 subsequent siblings)
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-14  7:04 UTC (permalink / raw)
  To: dev, akhil.goyal

This patch adds test case for AES-XCBC hash only for
Digest and Digest-verify

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 app/test/test_cryptodev_hash_test_vectors.h | 35 +++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
index e261dfe36c..f7a0981636 100644
--- a/app/test/test_cryptodev_hash_test_vectors.h
+++ b/app/test/test_cryptodev_hash_test_vectors.h
@@ -352,6 +352,31 @@ cmac_test_vector = {
 	}
 };
 
+static const struct blockcipher_test_data
+aes_xcbc_mac_test_vector = {
+	.auth_algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+	.ciphertext = {
+		.data = plaintext_hash,
+		.len = 512
+	},
+	.auth_key = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+		},
+		.len = 16
+	},
+	.digest = {
+		.data = {
+			0x07, 0xf1, 0xf5, 0x80, 0x5a, 0xbc, 0x1d, 0x1c,
+			0x58, 0x43, 0x99, 0xbe
+
+		},
+		.len = 12,
+		.truncated_len = 12
+	}
+};
+
 static const struct blockcipher_test_data
 null_auth_test_vector = {
 	.auth_algo = RTE_CRYPTO_AUTH_NULL,
@@ -576,6 +601,16 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
 		.feature_mask = BLOCKCIPHER_TEST_FEATURE_OOP,
 	},
+	{
+		.test_descr = "AES-XCBC-MAC Digest 16B",
+		.test_data = &aes_xcbc_mac_test_vector,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
+	},
+	{
+		.test_descr = "AES-XCBC-MAC Digest Verify 16B",
+		.test_data = &aes_xcbc_mac_test_vector,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
+	},
 
 };
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH v2 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
  2021-01-14  7:04   ` [dpdk-dev] [PATCH v2 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
@ 2021-01-14  7:05   ` Hemant Agrawal
  2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
                     ` (2 subsequent siblings)
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-14  7:05 UTC (permalink / raw)
  To: dev, akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

the descriptor sharing needed to be changed for ZUC+ZUC as we
were getting invalid CHA combination error due to sharing
being done on DECOs simultaneously.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index f084cf1de0..659e289a45 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -3282,7 +3282,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
 			SHR_ALWAYS,	/* NULL */
 			SHR_WAIT,	/* SNOW f9 */
 			SHR_WAIT,	/* AES CMAC */
-			SHR_ALWAYS	/* ZUC-I */
+			SHR_WAIT	/* ZUC-I */
 		},
 	};
 	LABEL(pdb_end);
@@ -3485,7 +3485,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
 			SHR_ALWAYS,	/* NULL */
 			SHR_WAIT,	/* SNOW f9 */
 			SHR_WAIT,	/* AES CMAC */
-			SHR_ALWAYS	/* ZUC-I */
+			SHR_WAIT	/* ZUC-I */
 		},
 	};
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH v2 4/5] crypto/dpaa_sec: reduce the log on queue closure
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
  2021-01-14  7:04   ` [dpdk-dev] [PATCH v2 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
  2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
@ 2021-01-14  7:05   ` Hemant Agrawal
  2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
  2021-01-15 15:56   ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Akhil Goyal
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-14  7:05 UTC (permalink / raw)
  To: dev, akhil.goyal

if for some reason the queue is not close properly,
specially in test cases.
The QUEUE retire prints are flooding the screen.
They are not really required as WARNING.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 44c742738f..a4c4b094bb 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2283,7 +2283,7 @@ dpaa_sec_detach_rxq(struct dpaa_sec_dev_private *qi, struct qman_fq *fq)
 	for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
 		if (&qi->inq[i] == fq) {
 			if (qman_retire_fq(fq, NULL) != 0)
-				DPAA_SEC_WARN("Queue is not retired\n");
+				DPAA_SEC_DEBUG("Queue is not retired\n");
 			qman_oos_fq(fq);
 			qi->inq_attach[i] = 0;
 			return 0;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [dpdk-dev] [PATCH v2 5/5] crypto/dpaa2_sec: add support for AES CMAC integrity check
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
                     ` (2 preceding siblings ...)
  2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
@ 2021-01-14  7:05   ` Hemant Agrawal
  2021-01-15 15:56   ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Akhil Goyal
  4 siblings, 0 replies; 11+ messages in thread
From: Hemant Agrawal @ 2021-01-14  7:05 UTC (permalink / raw)
  To: dev, akhil.goyal

This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 doc/guides/cryptodevs/dpaa2_sec.rst           |   1 +
 doc/guides/cryptodevs/features/dpaa2_sec.ini  |   1 +
 drivers/common/dpaax/caamflib/desc/algo.h     |   8 +-
 drivers/common/dpaax/caamflib/rta.h           |   5 +-
 .../common/dpaax/caamflib/rta/operation_cmd.h | 101 +++++++++++++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  26 +++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |  23 +++-
 7 files changed, 152 insertions(+), 13 deletions(-)

diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 275ccf28de..a7fc9cef99 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -122,6 +122,7 @@ Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
 * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 9828d1528e..a1c91821de 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
 AES XCBC MAC = Y
 ZUC EIA3     = Y
+AES CMAC (128) = Y
 
 ;
 ; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver.
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index cf43d9c14c..6bb915054a 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019-2020 NXP
+ * Copyright 2016,2019-2021 NXP
  *
  */
 
@@ -874,7 +874,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
 }
 
 /**
- * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * cnstr_shdsc_aes_mac - AES_XCBC_MAC, CMAC cases
  * @descbuf: pointer to descriptor-under-construction buffer
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: must be true when core endianness doesn't match SEC endianness
@@ -892,7 +892,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
  * Return: size of descriptor written in words or negative number on error
  */
 static inline int
-cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+cnstr_shdsc_aes_mac(uint32_t *descbuf, bool ps, bool swap,
 		enum rta_share_type share,
 		struct alginfo *authdata, uint8_t do_icv,
 		uint8_t trunc_len)
@@ -921,7 +921,7 @@ cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
 		MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+	ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode,
 		OP_ALG_AS_INITFINAL, opicv, dir);
 
 	/* Do load (variable length) */
diff --git a/drivers/common/dpaax/caamflib/rta.h b/drivers/common/dpaax/caamflib/rta.h
index c4bbad0b41..3817314812 100644
--- a/drivers/common/dpaax/caamflib/rta.h
+++ b/drivers/common/dpaax/caamflib/rta.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016 NXP
+ * Copyright 2016,2021 NXP
  *
  */
 
@@ -485,6 +485,9 @@ rta_get_sec_era(void)
 #define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \
 	rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc)
 
+#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \
+	rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc)
+
 /**
  * PROTOCOL - Configures PROTOCOL OPERATION command
  * @program: pointer to struct program
diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
index 04732aa3d2..3d339cb0a0 100644
--- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h
+++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2021 NXP
  */
 
 #ifndef __RTA_OPERATION_CMD_H__
@@ -328,6 +328,105 @@ rta_operation(struct program *program, uint32_t cipher_algo,
 	return ret;
 }
 
+/* For non-proto offload CMAC, GMAC etc cases */
+static inline int
+rta_operation2(struct program *program, uint32_t cipher_algo,
+	      uint16_t aai, uint8_t algo_state,
+	      int icv_checking, int enc)
+{
+	uint32_t opcode = CMD_OPERATION;
+	unsigned int i, found = 0;
+	unsigned int start_pc = program->current_pc;
+	int ret;
+
+	for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
+		if (alg_table[i].chipher_algo == cipher_algo) {
+			if ((aai ==  OP_ALG_AAI_XCBC_MAC) ||
+					(aai == OP_ALG_AAI_CBC_XCBCMAC) ||
+					(aai == OP_ALG_AAI_CMAC))
+				opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+			else
+				opcode |= cipher_algo | alg_table[i].class;
+			/* nothing else to verify */
+			if (alg_table[i].aai_func == NULL) {
+				found = 1;
+				break;
+			}
+
+			aai &= OP_ALG_AAI_MASK;
+
+			ret = (*alg_table[i].aai_func)(aai);
+			if (ret < 0) {
+				pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n",
+				       program->current_pc);
+				goto err;
+			}
+			opcode |= aai;
+			found = 1;
+			break;
+		}
+	}
+	if (!found) {
+		pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n",
+		       program->current_pc);
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (algo_state) {
+	case OP_ALG_AS_UPDATE:
+	case OP_ALG_AS_INIT:
+	case OP_ALG_AS_FINALIZE:
+	case OP_ALG_AS_INITFINAL:
+		opcode |= algo_state;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (icv_checking) {
+	case ICV_CHECK_DISABLE:
+		/*
+		 * opcode |= OP_ALG_ICV_OFF;
+		 * OP_ALG_ICV_OFF is 0
+		 */
+		break;
+	case ICV_CHECK_ENABLE:
+		opcode |= OP_ALG_ICV_ON;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (enc) {
+	case DIR_DEC:
+		/*
+		 * opcode |= OP_ALG_DECRYPT;
+		 * OP_ALG_DECRYPT is 0
+		 */
+		break;
+	case DIR_ENC:
+		opcode |= OP_ALG_ENCRYPT;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	__rta_out32(program, opcode);
+	program->current_instruction++;
+	return (int)start_pc;
+
+ err:
+	program->first_error_pc = start_pc;
+	return ret;
+}
+
 /*
  * OPERATION PKHA routines
  */
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a7ff5dba92..cab79db3dc 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  *   Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -2138,15 +2138,24 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 		authdata.algtype = OP_ALG_ALGSEL_AES;
 		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
 		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
-		bufsize = cnstr_shdsc_aes_xcbc_mac(
+		bufsize = cnstr_shdsc_aes_mac(
 					priv->flc_desc[DESC_INITFINAL].desc,
 					1, 0, SHR_NEVER, &authdata,
 					!session->dir,
 					session->digest_length);
 		break;
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		bufsize = cnstr_shdsc_aes_mac(
+					   priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_NULL:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
@@ -2419,6 +2428,13 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
 		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
 		break;
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		break;
+	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -2427,10 +2443,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
-	case RTE_CRYPTO_AUTH_AES_CMAC:
-	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_ZUC_EIA3:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
 			      auth_xform->algo);
@@ -2769,6 +2782,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		break;
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 		authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
+		authdata->algmode = OP_ALG_AAI_CMAC;
 		break;
 	case RTE_CRYPTO_AUTH_NULL:
 		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 35cf5b5dad..7dbc69f6cb 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  *   Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- *   Copyright 2016,2020 NXP
+ *   Copyright 2016,2020-2021 NXP
  *
  */
 
@@ -526,6 +526,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 1,
+					.max = 16,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+				.aad_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* NULL (CIPHER) */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.17.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC
  2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
                     ` (3 preceding siblings ...)
  2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-01-15 15:56   ` Akhil Goyal
  4 siblings, 0 replies; 11+ messages in thread
From: Akhil Goyal @ 2021-01-15 15:56 UTC (permalink / raw)
  To: Hemant Agrawal, dev; +Cc: Barry Cao


> From: Akhil Goyal <akhil.goyal@nxp.com>
> 
> This patch add support for AES-XCBC-MAC for following cases
> - AES-XCBC-MAC auth only
> - AES-CBC/CTR + AES-XCBC-MAC (non-proto)
> - AES-CBC/CTR + AES-XCBC-MAC (protocol offload)
> - DES-CBC + AES-XCBC-MAC (non-proto)
> - 3DES-CBC + AES-XCBC-MAC (non-proto)
> 
> Signed-off-by: Barry Cao <barry.cao@nxp.com>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
Series applied to dpdk-next-crypto.



^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2021-01-15 15:56 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
2021-01-14  7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
2021-01-14  7:04   ` [dpdk-dev] [PATCH v2 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
2021-01-14  7:05   ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-01-15 15:56   ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Akhil Goyal

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git