From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: dev@dpdk.org, akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v2 5/5] crypto/dpaa2_sec: add support for AES CMAC integrity check
Date: Thu, 14 Jan 2021 12:35:02 +0530 [thread overview]
Message-ID: <20210114070502.16033-5-hemant.agrawal@nxp.com> (raw)
In-Reply-To: <20210114070502.16033-1-hemant.agrawal@nxp.com>
This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
doc/guides/cryptodevs/dpaa2_sec.rst | 1 +
doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 +
drivers/common/dpaax/caamflib/desc/algo.h | 8 +-
drivers/common/dpaax/caamflib/rta.h | 5 +-
.../common/dpaax/caamflib/rta/operation_cmd.h | 101 +++++++++++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 26 +++--
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 23 +++-
7 files changed, 152 insertions(+), 13 deletions(-)
diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 275ccf28de..a7fc9cef99 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -122,6 +122,7 @@ Hash algorithms:
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
AEAD algorithms:
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 9828d1528e..a1c91821de 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
AES XCBC MAC = Y
ZUC EIA3 = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver.
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index cf43d9c14c..6bb915054a 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019-2020 NXP
+ * Copyright 2016,2019-2021 NXP
*
*/
@@ -874,7 +874,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
}
/**
- * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * cnstr_shdsc_aes_mac - AES_XCBC_MAC, CMAC cases
* @descbuf: pointer to descriptor-under-construction buffer
* @ps: if 36/40bit addressing is desired, this parameter must be true
* @swap: must be true when core endianness doesn't match SEC endianness
@@ -892,7 +892,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
* Return: size of descriptor written in words or negative number on error
*/
static inline int
-cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+cnstr_shdsc_aes_mac(uint32_t *descbuf, bool ps, bool swap,
enum rta_share_type share,
struct alginfo *authdata, uint8_t do_icv,
uint8_t trunc_len)
@@ -921,7 +921,7 @@ cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
/* Do operation */
- ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+ ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode,
OP_ALG_AS_INITFINAL, opicv, dir);
/* Do load (variable length) */
diff --git a/drivers/common/dpaax/caamflib/rta.h b/drivers/common/dpaax/caamflib/rta.h
index c4bbad0b41..3817314812 100644
--- a/drivers/common/dpaax/caamflib/rta.h
+++ b/drivers/common/dpaax/caamflib/rta.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016 NXP
+ * Copyright 2016,2021 NXP
*
*/
@@ -485,6 +485,9 @@ rta_get_sec_era(void)
#define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \
rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc)
+#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \
+ rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc)
+
/**
* PROTOCOL - Configures PROTOCOL OPERATION command
* @program: pointer to struct program
diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
index 04732aa3d2..3d339cb0a0 100644
--- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h
+++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2021 NXP
*/
#ifndef __RTA_OPERATION_CMD_H__
@@ -328,6 +328,105 @@ rta_operation(struct program *program, uint32_t cipher_algo,
return ret;
}
+/* For non-proto offload CMAC, GMAC etc cases */
+static inline int
+rta_operation2(struct program *program, uint32_t cipher_algo,
+ uint16_t aai, uint8_t algo_state,
+ int icv_checking, int enc)
+{
+ uint32_t opcode = CMD_OPERATION;
+ unsigned int i, found = 0;
+ unsigned int start_pc = program->current_pc;
+ int ret;
+
+ for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
+ if (alg_table[i].chipher_algo == cipher_algo) {
+ if ((aai == OP_ALG_AAI_XCBC_MAC) ||
+ (aai == OP_ALG_AAI_CBC_XCBCMAC) ||
+ (aai == OP_ALG_AAI_CMAC))
+ opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+ else
+ opcode |= cipher_algo | alg_table[i].class;
+ /* nothing else to verify */
+ if (alg_table[i].aai_func == NULL) {
+ found = 1;
+ break;
+ }
+
+ aai &= OP_ALG_AAI_MASK;
+
+ ret = (*alg_table[i].aai_func)(aai);
+ if (ret < 0) {
+ pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n",
+ program->current_pc);
+ goto err;
+ }
+ opcode |= aai;
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n",
+ program->current_pc);
+ ret = -EINVAL;
+ goto err;
+ }
+
+ switch (algo_state) {
+ case OP_ALG_AS_UPDATE:
+ case OP_ALG_AS_INIT:
+ case OP_ALG_AS_FINALIZE:
+ case OP_ALG_AS_INITFINAL:
+ opcode |= algo_state;
+ break;
+ default:
+ pr_err("Invalid Operation Command\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ switch (icv_checking) {
+ case ICV_CHECK_DISABLE:
+ /*
+ * opcode |= OP_ALG_ICV_OFF;
+ * OP_ALG_ICV_OFF is 0
+ */
+ break;
+ case ICV_CHECK_ENABLE:
+ opcode |= OP_ALG_ICV_ON;
+ break;
+ default:
+ pr_err("Invalid Operation Command\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ switch (enc) {
+ case DIR_DEC:
+ /*
+ * opcode |= OP_ALG_DECRYPT;
+ * OP_ALG_DECRYPT is 0
+ */
+ break;
+ case DIR_ENC:
+ opcode |= OP_ALG_ENCRYPT;
+ break;
+ default:
+ pr_err("Invalid Operation Command\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ __rta_out32(program, opcode);
+ program->current_instruction++;
+ return (int)start_pc;
+
+ err:
+ program->first_error_pc = start_pc;
+ return ret;
+}
+
/*
* OPERATION PKHA routines
*/
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a7ff5dba92..cab79db3dc 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2020 NXP
+ * Copyright 2016-2021 NXP
*
*/
@@ -2138,15 +2138,24 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
authdata.algtype = OP_ALG_ALGSEL_AES;
authdata.algmode = OP_ALG_AAI_XCBC_MAC;
session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
- bufsize = cnstr_shdsc_aes_xcbc_mac(
+ bufsize = cnstr_shdsc_aes_mac(
priv->flc_desc[DESC_INITFINAL].desc,
1, 0, SHR_NEVER, &authdata,
!session->dir,
session->digest_length);
break;
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_AES_CMAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+ bufsize = cnstr_shdsc_aes_mac(
+ priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_NULL:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
@@ -2419,6 +2428,13 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
authdata.algmode = OP_ALG_AAI_XCBC_MAC;
session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
@@ -2427,10 +2443,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_AES_CMAC:
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_ZUC_EIA3:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
auth_xform->algo);
@@ -2769,6 +2782,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
+ authdata->algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 35cf5b5dad..7dbc69f6cb 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016,2020 NXP
+ * Copyright 2016,2020-2021 NXP
*
*/
@@ -526,6 +526,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
{ /* NULL (CIPHER) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
next prev parent reply other threads:[~2021-01-14 7:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-07 10:54 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-01-07 10:54 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
2021-01-14 7:04 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Hemant Agrawal
2021-01-14 7:04 ` [dpdk-dev] [PATCH v2 2/5] test/crypto: add AES-XCBC hash only test case Hemant Agrawal
2021-01-14 7:05 ` [dpdk-dev] [PATCH v2 3/5] common/dpaax/caamflib: update zuc-zuc descriptor sharing Hemant Agrawal
2021-01-14 7:05 ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa_sec: reduce the log on queue closure Hemant Agrawal
2021-01-14 7:05 ` Hemant Agrawal [this message]
2021-01-15 15:56 ` [dpdk-dev] [PATCH v2 1/5] crypto/dpaa2_sec: support AES-XCBC-MAC Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210114070502.16033-5-hemant.agrawal@nxp.com \
--to=hemant.agrawal@nxp.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).