From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2D2A642AE5; Fri, 12 May 2023 14:56:34 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 31D9E42F98; Fri, 12 May 2023 14:56:32 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 2363B42F94 for ; Fri, 12 May 2023 14:56:29 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34C90ju3021725 for ; Fri, 12 May 2023 05:56:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=yN7WTXIfpbUR8qCC6IFneUoE2kDB20S74FRYQGULMQs=; b=C6nGtWc8Cs2fLGliBbwtRpGRisUGFur+8tvirJgsI3pbSuAgPazUM/mwkPQiYjvRFXuz KG4R4yoooxRTzSpCS7C8JYoe3EfBodY6LB05JJmYn2HCETUoaqqQ08KqDN9Imvr8kfH9 Gev6jOZLwqYpPODdy/Nm8HIl6hWpteYAdh9U0b2/sQqB65uJUe3FNMYJnK6vrOiRCFON IQS3qcTLCvlocu+OOn3OTUA1IAV39JGtZQ88511cU+I2Vh+87wp174IWAbeUVFWAnOR+ QkiVkPVSRkYIiXyST3w7AdARXaFnIHUATU7HxEmzqO2A3AmPJCbTysOnGOlHQHOlDcpd pQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3qh9tk2mh5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Fri, 12 May 2023 05:56:29 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Fri, 12 May 2023 05:56:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Fri, 12 May 2023 05:56:27 -0700 Received: from hyd1554.marvell.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 32E283F706C; Fri, 12 May 2023 05:56:24 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Anoob Joseph , Jerin Jacob , Aakash Sasidharan , Gowrishankar Muthukrishnan , Vidya Sagar Velumuri , Subject: [PATCH 1/2] crypto/cnxk: add AES CCM support Date: Fri, 12 May 2023 18:26:20 +0530 Message-ID: <20230512125621.1131396-2-ktejasree@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230512125621.1131396-1-ktejasree@marvell.com> References: <20230512125621.1131396-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: UF3JnbgB5fRoj-CWi0rFWYjitOoy87Av X-Proofpoint-ORIG-GUID: UF3JnbgB5fRoj-CWi0rFWYjitOoy87Av X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-05-12_08,2023-05-05_01,2023-02-09_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Adding AES CCM support to lookaside crypto PMD. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/cryptodevs/features/cn10k.ini | 3 ++ doc/guides/cryptodevs/features/cn9k.ini | 3 ++ drivers/common/cnxk/roc_se.c | 4 +- drivers/common/cnxk/roc_se.h | 1 + .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 30 ++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 2 +- drivers/crypto/cnxk/cnxk_se.h | 49 ++++++++++++++----- 8 files changed, 78 insertions(+), 15 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 3c2e38fefd..2d3ceebcaa 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -76,6 +76,7 @@ Hash algorithms: AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_AES_CCM`` * ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305`` Asymmetric Crypto Algorithms diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini index 162d1a25ca..bb5827eb82 100644 --- a/doc/guides/cryptodevs/features/cn10k.ini +++ b/doc/guides/cryptodevs/features/cn10k.ini @@ -81,6 +81,9 @@ SHAKE_256 = Y AES GCM (128) = Y AES GCM (192) = Y AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y CHACHA20-POLY1305 = Y ; diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini index bbed4b2e23..bf0e1a98b2 100644 --- a/doc/guides/cryptodevs/features/cn9k.ini +++ b/doc/guides/cryptodevs/features/cn9k.ini @@ -82,6 +82,9 @@ SHAKE_256 = Y AES GCM (128) = Y AES GCM (192) = Y AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y CHACHA20-POLY1305 = Y ; diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c index 5a894013a6..0c0ddaf6c3 100644 --- a/drivers/common/cnxk/roc_se.c +++ b/drivers/common/cnxk/roc_se.c @@ -71,6 +71,7 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, case ROC_SE_AES_CFB: case ROC_SE_AES_CTR: case ROC_SE_AES_GCM: + case ROC_SE_AES_CCM: case ROC_SE_AES_DOCSISBPI: if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0)) return -1; @@ -520,7 +521,7 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui zuc_const = zs_ctx->zuc.otk_ctx.zuc_const; } - if (type == ROC_SE_AES_GCM) + if ((type == ROC_SE_AES_GCM) || (type == ROC_SE_AES_CCM)) se_ctx->template_w4.s.opcode_minor = BIT(5); ret = cpt_ciph_type_set(type, se_ctx, key_len); @@ -569,6 +570,7 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui cpt_ciph_aes_key_type_set(fctx, key_len); break; case ROC_SE_AES_GCM: + case ROC_SE_AES_CCM: cpt_ciph_aes_key_type_set(fctx, key_len); break; case ROC_SE_AES_XTS: diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index a0c97b26c5..56f510f7a0 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -112,6 +112,7 @@ typedef enum { ROC_SE_AES_GCM = 0x7, ROC_SE_AES_XTS = 0x8, ROC_SE_CHACHA20 = 0x9, + ROC_SE_AES_CCM = 0xA, /* These are only for software use */ ROC_SE_ZUC_EEA3 = 0x90, diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 19956ffa07..91483ab693 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -782,6 +782,36 @@ static const struct rte_cryptodev_capabilities caps_aes[] = { }, } }, } }, + { /* AES CCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_CCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 1 + }, + .aad_size = { + .min = 0, + .max = 1024, + .increment = 1 + }, + .iv_size = { + .min = 11, + .max = 13, + .increment = 1 + } + }, } + }, } + }, { /* AES CMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 86efe75cc3..453adbfd10 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -671,7 +671,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xfor if (sess_priv->cpt_op & ROC_SE_OP_CIPHER_MASK) { switch (sess_priv->roc_se_ctx.fc_type) { case ROC_SE_FC_GEN: - if (sess_priv->aes_gcm || sess_priv->chacha_poly) + if (sess_priv->aes_gcm || sess_priv->aes_ccm || sess_priv->chacha_poly) thr_type = CPT_DP_THREAD_TYPE_FC_AEAD; else thr_type = CPT_DP_THREAD_TYPE_FC_CHAIN; diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index 69cd343eea..d5a131acb5 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -31,6 +31,7 @@ struct cnxk_se_sess { uint16_t cpt_op : 4; uint16_t zsk_flag : 4; uint16_t aes_gcm : 1; + uint16_t aes_ccm : 1; uint16_t aes_ctr : 1; uint16_t chacha_poly : 1; uint16_t is_null : 1; @@ -1655,10 +1656,10 @@ static __rte_always_inline int fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) { struct rte_crypto_aead_xform *aead_form; + uint8_t aes_gcm = 0, aes_ccm = 0; roc_se_cipher_type enc_type = 0; /* NULL Cipher type */ roc_se_auth_type auth_type = 0; /* NULL Auth type */ uint32_t cipher_key_len = 0; - uint8_t aes_gcm = 0; aead_form = &xform->aead; if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) { @@ -1678,9 +1679,10 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) aes_gcm = 1; break; case RTE_CRYPTO_AEAD_AES_CCM: - plt_dp_err("Crypto: Unsupported cipher algo %u", - aead_form->algo); - return -1; + enc_type = ROC_SE_AES_CCM; + cipher_key_len = 16; + aes_ccm = 1; + break; case RTE_CRYPTO_AEAD_CHACHA20_POLY1305: enc_type = ROC_SE_CHACHA20; auth_type = ROC_SE_POLY1305; @@ -1699,19 +1701,27 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) } sess->zsk_flag = 0; sess->aes_gcm = aes_gcm; + sess->aes_ccm = aes_ccm; sess->mac_len = aead_form->digest_length; sess->iv_offset = aead_form->iv.offset; sess->iv_length = aead_form->iv.length; sess->aad_length = aead_form->aad_length; - switch (sess->iv_length) { - case 12: - sess->short_iv = 1; - case 16: - break; - default: - plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length); - return -1; + if (aes_ccm) { + if ((sess->iv_length < 11) || (sess->iv_length > 13)) { + plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length); + return -1; + } + } else { + switch (sess->iv_length) { + case 12: + sess->short_iv = 1; + case 16: + break; + default: + plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length); + return -1; + } } if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, aead_form->key.data, @@ -1856,6 +1866,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) sess->zsk_flag = zsk_flag; sess->zs_cipher = zs_cipher; sess->aes_gcm = 0; + sess->aes_ccm = 0; sess->aes_ctr = aes_ctr; sess->iv_offset = c_form->iv.offset; sess->iv_length = c_form->iv.length; @@ -2218,6 +2229,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess, struct roc_se_fc_params fc_params; char src[SRC_IOV_SIZE]; char dst[SRC_IOV_SIZE]; + uint8_t ccm_iv_buf[16]; uint32_t iv_buf[4]; int ret; @@ -2237,6 +2249,13 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess, iv_buf[3] = rte_cpu_to_be_32(0x1); fc_params.iv_buf = iv_buf; } + if (sess->aes_ccm) { + memcpy((uint8_t *)ccm_iv_buf, + rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), + sess->iv_length + 1); + ccm_iv_buf[0] = 14 - sess->iv_length; + fc_params.iv_buf = ccm_iv_buf; + } } /* Kasumi would need SG mode */ @@ -2264,7 +2283,11 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess, d_offs = (d_offs - aad_len) | (d_offs << 16); d_lens = (d_lens + aad_len) | (d_lens << 32); } else { - fc_params.aad_buf.vaddr = sym_op->aead.aad.data; + /* For AES CCM, AAD is written 18B after aad.data as per API */ + if (sess->aes_ccm) + fc_params.aad_buf.vaddr = PLT_PTR_ADD(sym_op->aead.aad.data, 18); + else + fc_params.aad_buf.vaddr = sym_op->aead.aad.data; fc_params.aad_buf.size = aad_len; flags |= ROC_SE_VALID_AAD_BUF; inplace = 0; -- 2.25.1