[PATCH 0/2] AES CCM support in CNXK crypto PMD

DPDK patches and discussions
 help / color / mirror / Atom feed

* [PATCH 0/2] AES CCM support in CNXK crypto PMD
@ 2023-05-12 12:56 Tejasree Kondoj
  2023-05-12 12:56 ` [PATCH 1/2] crypto/cnxk: add AES CCM support Tejasree Kondoj
  2023-05-12 12:56 ` [PATCH 2/2] crypto/cnxk: fix IPsec CCM capabilities Tejasree Kondoj
  0 siblings, 2 replies; 4+ messages in thread
From: Tejasree Kondoj @ 2023-05-12 12:56 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Jerin Jacob, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, Vidya Sagar Velumuri, dev

This series adds AES CCM support to CNXK crypto PMD
and fixes capabilities in lookaside IPsec mode.

Tejasree Kondoj (2):
  crypto/cnxk: add AES CCM support
  crypto/cnxk: fix IPsec CCM capabilities

 doc/guides/cryptodevs/cnxk.rst                |  1 +
 doc/guides/cryptodevs/features/cn10k.ini      |  3 ++
 doc/guides/cryptodevs/features/cn9k.ini       |  3 ++
 drivers/common/cnxk/roc_se.c                  |  4 +-
 drivers/common/cnxk/roc_se.h                  |  1 +
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 34 ++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  2 +-
 drivers/crypto/cnxk/cnxk_se.h                 | 49 ++++++++++++++-----
 8 files changed, 80 insertions(+), 17 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/2] crypto/cnxk: add AES CCM support
  2023-05-12 12:56 [PATCH 0/2] AES CCM support in CNXK crypto PMD Tejasree Kondoj
@ 2023-05-12 12:56 ` Tejasree Kondoj
  2023-05-24 21:13   ` Akhil Goyal
  2023-05-12 12:56 ` [PATCH 2/2] crypto/cnxk: fix IPsec CCM capabilities Tejasree Kondoj
  1 sibling, 1 reply; 4+ messages in thread
From: Tejasree Kondoj @ 2023-05-12 12:56 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Jerin Jacob, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, Vidya Sagar Velumuri, dev

Adding AES CCM support to lookaside crypto PMD.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 doc/guides/cryptodevs/cnxk.rst                |  1 +
 doc/guides/cryptodevs/features/cn10k.ini      |  3 ++
 doc/guides/cryptodevs/features/cn9k.ini       |  3 ++
 drivers/common/cnxk/roc_se.c                  |  4 +-
 drivers/common/cnxk/roc_se.h                  |  1 +
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 30 ++++++++++++
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  2 +-
 drivers/crypto/cnxk/cnxk_se.h                 | 49 ++++++++++++++-----
 8 files changed, 78 insertions(+), 15 deletions(-)

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 3c2e38fefd..2d3ceebcaa 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -76,6 +76,7 @@ Hash algorithms:
 AEAD algorithms:
 
 * ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
 * ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
 
 Asymmetric Crypto Algorithms
diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 162d1a25ca..bb5827eb82 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -81,6 +81,9 @@ SHAKE_256       = Y
 AES GCM (128)     = Y
 AES GCM (192)     = Y
 AES GCM (256)     = Y
+AES CCM (128)     = Y
+AES CCM (192)     = Y
+AES CCM (256)     = Y
 CHACHA20-POLY1305 = Y
 
 ;
diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini
index bbed4b2e23..bf0e1a98b2 100644
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -82,6 +82,9 @@ SHAKE_256       = Y
 AES GCM (128)     = Y
 AES GCM (192)     = Y
 AES GCM (256)     = Y
+AES CCM (128)     = Y
+AES CCM (192)     = Y
+AES CCM (256)     = Y
 CHACHA20-POLY1305 = Y
 
 ;
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 5a894013a6..0c0ddaf6c3 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -71,6 +71,7 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx,
 	case ROC_SE_AES_CFB:
 	case ROC_SE_AES_CTR:
 	case ROC_SE_AES_GCM:
+	case ROC_SE_AES_CCM:
 	case ROC_SE_AES_DOCSISBPI:
 		if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
 			return -1;
@@ -520,7 +521,7 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
 		zuc_const = zs_ctx->zuc.otk_ctx.zuc_const;
 	}
 
-	if (type == ROC_SE_AES_GCM)
+	if ((type == ROC_SE_AES_GCM) || (type == ROC_SE_AES_CCM))
 		se_ctx->template_w4.s.opcode_minor = BIT(5);
 
 	ret = cpt_ciph_type_set(type, se_ctx, key_len);
@@ -569,6 +570,7 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
 		cpt_ciph_aes_key_type_set(fctx, key_len);
 		break;
 	case ROC_SE_AES_GCM:
+	case ROC_SE_AES_CCM:
 		cpt_ciph_aes_key_type_set(fctx, key_len);
 		break;
 	case ROC_SE_AES_XTS:
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index a0c97b26c5..56f510f7a0 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -112,6 +112,7 @@ typedef enum {
 	ROC_SE_AES_GCM = 0x7,
 	ROC_SE_AES_XTS = 0x8,
 	ROC_SE_CHACHA20 = 0x9,
+	ROC_SE_AES_CCM = 0xA,
 
 	/* These are only for software use */
 	ROC_SE_ZUC_EEA3 = 0x90,
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 19956ffa07..91483ab693 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -782,6 +782,36 @@ static const struct rte_cryptodev_capabilities caps_aes[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_CCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 1
+				},
+				.aad_size = {
+					.min = 0,
+					.max = 1024,
+					.increment = 1
+				},
+				.iv_size = {
+					.min = 11,
+					.max = 13,
+					.increment = 1
+				}
+			}, }
+		}, }
+	},
 	{	/* AES CMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 86efe75cc3..453adbfd10 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -671,7 +671,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xfor
 	if (sess_priv->cpt_op & ROC_SE_OP_CIPHER_MASK) {
 		switch (sess_priv->roc_se_ctx.fc_type) {
 		case ROC_SE_FC_GEN:
-			if (sess_priv->aes_gcm || sess_priv->chacha_poly)
+			if (sess_priv->aes_gcm || sess_priv->aes_ccm || sess_priv->chacha_poly)
 				thr_type = CPT_DP_THREAD_TYPE_FC_AEAD;
 			else
 				thr_type = CPT_DP_THREAD_TYPE_FC_CHAIN;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 69cd343eea..d5a131acb5 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -31,6 +31,7 @@ struct cnxk_se_sess {
 	uint16_t cpt_op : 4;
 	uint16_t zsk_flag : 4;
 	uint16_t aes_gcm : 1;
+	uint16_t aes_ccm : 1;
 	uint16_t aes_ctr : 1;
 	uint16_t chacha_poly : 1;
 	uint16_t is_null : 1;
@@ -1655,10 +1656,10 @@ static __rte_always_inline int
 fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 {
 	struct rte_crypto_aead_xform *aead_form;
+	uint8_t aes_gcm = 0, aes_ccm = 0;
 	roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
 	roc_se_auth_type auth_type = 0;	 /* NULL Auth type */
 	uint32_t cipher_key_len = 0;
-	uint8_t aes_gcm = 0;
 	aead_form = &xform->aead;
 
 	if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
@@ -1678,9 +1679,10 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 		aes_gcm = 1;
 		break;
 	case RTE_CRYPTO_AEAD_AES_CCM:
-		plt_dp_err("Crypto: Unsupported cipher algo %u",
-			   aead_form->algo);
-		return -1;
+		enc_type = ROC_SE_AES_CCM;
+		cipher_key_len = 16;
+		aes_ccm = 1;
+		break;
 	case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
 		enc_type = ROC_SE_CHACHA20;
 		auth_type = ROC_SE_POLY1305;
@@ -1699,19 +1701,27 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	}
 	sess->zsk_flag = 0;
 	sess->aes_gcm = aes_gcm;
+	sess->aes_ccm = aes_ccm;
 	sess->mac_len = aead_form->digest_length;
 	sess->iv_offset = aead_form->iv.offset;
 	sess->iv_length = aead_form->iv.length;
 	sess->aad_length = aead_form->aad_length;
 
-	switch (sess->iv_length) {
-	case 12:
-		sess->short_iv = 1;
-	case 16:
-		break;
-	default:
-		plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
-		return -1;
+	if (aes_ccm) {
+		if ((sess->iv_length < 11) || (sess->iv_length > 13)) {
+			plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+			return -1;
+		}
+	} else {
+		switch (sess->iv_length) {
+		case 12:
+			sess->short_iv = 1;
+		case 16:
+			break;
+		default:
+			plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+			return -1;
+		}
 	}
 
 	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, aead_form->key.data,
@@ -1856,6 +1866,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->zsk_flag = zsk_flag;
 	sess->zs_cipher = zs_cipher;
 	sess->aes_gcm = 0;
+	sess->aes_ccm = 0;
 	sess->aes_ctr = aes_ctr;
 	sess->iv_offset = c_form->iv.offset;
 	sess->iv_length = c_form->iv.length;
@@ -2218,6 +2229,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	struct roc_se_fc_params fc_params;
 	char src[SRC_IOV_SIZE];
 	char dst[SRC_IOV_SIZE];
+	uint8_t ccm_iv_buf[16];
 	uint32_t iv_buf[4];
 	int ret;
 
@@ -2237,6 +2249,13 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 			iv_buf[3] = rte_cpu_to_be_32(0x1);
 			fc_params.iv_buf = iv_buf;
 		}
+		if (sess->aes_ccm) {
+			memcpy((uint8_t *)ccm_iv_buf,
+			       rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
+			       sess->iv_length + 1);
+			ccm_iv_buf[0] = 14 - sess->iv_length;
+			fc_params.iv_buf = ccm_iv_buf;
+		}
 	}
 
 	/* Kasumi would need SG mode */
@@ -2264,7 +2283,11 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 			d_offs = (d_offs - aad_len) | (d_offs << 16);
 			d_lens = (d_lens + aad_len) | (d_lens << 32);
 		} else {
-			fc_params.aad_buf.vaddr = sym_op->aead.aad.data;
+			/* For AES CCM, AAD is written 18B after aad.data as per API */
+			if (sess->aes_ccm)
+				fc_params.aad_buf.vaddr = PLT_PTR_ADD(sym_op->aead.aad.data, 18);
+			else
+				fc_params.aad_buf.vaddr = sym_op->aead.aad.data;
 			fc_params.aad_buf.size = aad_len;
 			flags |= ROC_SE_VALID_AAD_BUF;
 			inplace = 0;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [PATCH 1/2] crypto/cnxk: add AES CCM support
  2023-05-12 12:56 ` [PATCH 1/2] crypto/cnxk: add AES CCM support Tejasree Kondoj
@ 2023-05-24 21:13   ` Akhil Goyal
  0 siblings, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2023-05-24 21:13 UTC (permalink / raw)
  To: Tejasree Kondoj
  Cc: Anoob Joseph, Jerin Jacob Kollanukkaran, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, Vidya Sagar Velumuri, dev

> Subject: [PATCH 1/2] crypto/cnxk: add AES CCM support
> 
> Adding AES CCM support to lookaside crypto PMD.
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Applied to dpdk-next-crypto

Updated release notes.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 2/2] crypto/cnxk: fix IPsec CCM capabilities
  2023-05-12 12:56 [PATCH 0/2] AES CCM support in CNXK crypto PMD Tejasree Kondoj
  2023-05-12 12:56 ` [PATCH 1/2] crypto/cnxk: add AES CCM support Tejasree Kondoj
@ 2023-05-12 12:56 ` Tejasree Kondoj
  1 sibling, 0 replies; 4+ messages in thread
From: Tejasree Kondoj @ 2023-05-12 12:56 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Jerin Jacob, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, Vidya Sagar Velumuri, dev, stable

Fixing lookaside IPsec AES-CCM capabilities.

Fixes: 246dea7e6efb ("crypto/cnxk: support AES-CCM")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 91483ab693..c35e5f341d 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1084,8 +1084,8 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
 					.increment = 4
 				},
 				.iv_size = {
-					.min = 12,
-					.max = 12,
+					.min = 11,
+					.max = 11,
 					.increment = 0
 				}
 			}, }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-05-24 21:13 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-12 12:56 [PATCH 0/2] AES CCM support in CNXK crypto PMD Tejasree Kondoj
2023-05-12 12:56 ` [PATCH 1/2] crypto/cnxk: add AES CCM support Tejasree Kondoj
2023-05-24 21:13   ` Akhil Goyal
2023-05-12 12:56 ` [PATCH 2/2] crypto/cnxk: fix IPsec CCM capabilities Tejasree Kondoj

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).