From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DB22345A68; Mon, 30 Sep 2024 15:55:50 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CB41940662; Mon, 30 Sep 2024 15:55:50 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) by mails.dpdk.org (Postfix) with ESMTP id 972604060C for ; Mon, 30 Sep 2024 15:55:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1727704539; x=1759240539; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1+b751CrAu3T+Cxn7l5Gx7npaur6lxOEy1xwB9TILoo=; b=X7l7RRIMegm4t7xkbFqrO0fQzF3eb6PhDWh4J1+zicU91VVgsNflgTdD Z0pZL9px4KiFImkq/UeqKXb+eAWpbpZYADswYL/URurphICKYS8rno+Hw pKxh1d2peR2o2W1erDoFfZfWP4n/VWzQ9d2BmlKq7iFo4J5/sP3TajcJi OYEHh251xm3QaAzgtzQFwGZCQGZLrsE5Her1qv8xcQf6ylogOHdHgozd2 BTY4ytnaM++3oxHCf1kv/5E9jVf8/2aRN08jE8mkX1d6Fdc1HF9/kI+pL Q4wp45xqTuOWZMkT/AZh7BuRc2SWIdsx0dDt1uZ2Gt6OTJ4ul6LmUyM7R w==; X-CSE-ConnectionGUID: Qkj52/DNSDSxSnHbgYp/WA== X-CSE-MsgGUID: JhWv6zOoQ2ar32CgRPqwOQ== X-IronPort-AV: E=McAfee;i="6700,10204,11211"; a="26952512" X-IronPort-AV: E=Sophos;i="6.11,165,1725346800"; d="scan'208";a="26952512" Received: from orviesa001.jf.intel.com ([10.64.159.141]) by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2024 06:55:38 -0700 X-CSE-ConnectionGUID: bASAGI1ARUG0jeJ6yrABxg== X-CSE-MsgGUID: 7XCY8viuTVG+e8Sofuz3Gw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,165,1725346800"; d="scan'208";a="110779948" Received: from silpixa00400886.ir.intel.com ([10.243.22.139]) by orviesa001.jf.intel.com with ESMTP; 30 Sep 2024 06:55:38 -0700 From: Brian Dooley To: Kai Ji , Pablo de Lara Cc: dev@dpdk.org, gakhil@marvell.com, Brian Dooley Subject: [PATCH v2 3/4] crypto/ipsec_mb: add SM4 algorithm support Date: Mon, 30 Sep 2024 14:55:30 +0100 Message-Id: <20240930135531.3494777-3-brian.dooley@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240930135531.3494777-1-brian.dooley@intel.com> References: <20240906123939.2508919-1-brian.dooley@intel.com> <20240930135531.3494777-1-brian.dooley@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch introduces SM4 algorithm support for SM4 CBC, SM4 ECB and SM4 CTR to the AESNI_MB PMD. Signed-off-by: Brian Dooley --- v2: Add Intel IPsec MB version check to capabilities Add SM4 CTR algorithm support --- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 26 ++++++++ drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 69 +++++++++++++++++++++ 2 files changed, 95 insertions(+) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index 019867fe1c..8790b53b1a 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr, uint8_t is_zuc = 0; uint8_t is_snow3g = 0; uint8_t is_kasumi = 0; +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM + uint8_t is_sm4 = 0; +#endif if (xform == NULL) { sess->template_job.cipher_mode = IMB_CIPHER_NULL; @@ -521,6 +524,20 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr, sess->iv.offset = xform->cipher.iv.offset; sess->template_job.iv_len_in_bytes = xform->cipher.iv.length; return 0; +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM + case RTE_CRYPTO_CIPHER_SM4_CBC: + sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC; + is_sm4 = 1; + break; + case RTE_CRYPTO_CIPHER_SM4_ECB: + sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB; + is_sm4 = 1; + break; + case RTE_CRYPTO_CIPHER_SM4_CTR: + sess->template_job.cipher_mode = IMB_CIPHER_SM4_CNTR; + is_sm4 = 1; + break; +#endif default: IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -655,6 +672,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr, &sess->cipher.pKeySched_kasumi_cipher); sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher; sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher; +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM + } else if (is_sm4) { + sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES; + IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data, + sess->cipher.expanded_sm4_keys.encode, + sess->cipher.expanded_sm4_keys.decode); + sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode; + sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode; +#endif } else { if (xform->cipher.key.length != 8) { IPSEC_MB_LOG(ERR, "Invalid cipher key length"); diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h index 24c2686952..af462d2569 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h @@ -732,6 +732,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = { }, } }, } }, +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM { /* SM3 */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -774,6 +775,63 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = { }, } }, } }, + { /* SM4 CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SM4_CBC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SM4 ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SM4_ECB, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SM4 CTR */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SM4_CTR, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, +#endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; @@ -951,6 +1009,17 @@ struct __rte_cache_aligned aesni_mb_session { /* *< SNOW3G scheduled cipher key */ kasumi_key_sched_t pKeySched_kasumi_cipher; /* *< KASUMI scheduled cipher key */ +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM + struct { + alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS]; + /* *< encode key */ + alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS]; + /* *< decode key */ + } expanded_sm4_keys; + /* *< Expanded SM4 keys - Original 128 bit key is + * expanded into 32 round keys, each 32 bits. + */ +#endif }; } cipher; -- 2.25.1