From: Radu Nicolau <radu.nicolau@intel.com>
To: Kai Ji <kai.ji@intel.com>,
Pablo de Lara <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org, Radu Nicolau <radu.nicolau@intel.com>
Subject: [PATCH v2 1/5] crypto/ipsec_mb: add support for SNOW-V
Date: Fri, 11 Apr 2025 11:09:37 +0100 [thread overview]
Message-ID: <20250411101425.3041736-2-radu.nicolau@intel.com> (raw)
In-Reply-To: <20250411101425.3041736-1-radu.nicolau@intel.com>
Add support for SNOW-V and SNOW-V AEAD algorithms to
crypto/ipsec_mb PMD.
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 2 +
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 70 +++++++++++++++++++--
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 52 +++++++++++++++
3 files changed, 120 insertions(+), 4 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 8d7e221e79..383c4a55ce 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -39,6 +39,7 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_SM4_CBC
* RTE_CRYPTO_CIPHER_SM4_ECB
* RTE_CRYPTO_CIPHER_SM4_CTR
+* RTE_CRYPTO_CIPHER_SNOW_V
Hash algorithms:
@@ -68,6 +69,7 @@ AEAD algorithms:
* RTE_CRYPTO_AEAD_AES_GCM
* RTE_CRYPTO_AEAD_CHACHA20_POLY1305
* RTE_CRYPTO_AEAD_SM4_GCM
+* RTE_CRYPTO_AEAD_SNOW_V
Protocol offloads:
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index a6c3f09b6f..60896d74fc 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -20,7 +20,8 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
{
return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
hash_alg == IMB_AUTH_AES_CCM ||
- cipher_mode == IMB_CIPHER_GCM
+ cipher_mode == IMB_CIPHER_GCM ||
+ cipher_mode == IMB_CIPHER_SNOW_V_AEAD
#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
|| cipher_mode == IMB_CIPHER_SM4_GCM
#endif
@@ -353,6 +354,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
uint8_t is_zuc = 0;
uint8_t is_snow3g = 0;
uint8_t is_kasumi = 0;
+ uint8_t is_snow_v = 0;
#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
uint8_t is_sm4 = 0;
#endif
@@ -416,6 +418,10 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
sess->template_job.cipher_mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
is_snow3g = 1;
break;
+ case RTE_CRYPTO_CIPHER_SNOW_V:
+ sess->template_job.cipher_mode = IMB_CIPHER_SNOW_V;
+ is_snow_v = 1;
+ break;
case RTE_CRYPTO_CIPHER_KASUMI_F8:
sess->template_job.cipher_mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
is_kasumi = 1;
@@ -576,6 +582,17 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
&sess->cipher.pKeySched_kasumi_cipher);
sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+ } else if (is_snow_v) {
+ if (xform->cipher.key.length != 32) {
+ IPSEC_MB_LOG(ERR, "Invalid cipher key length");
+ return -EINVAL;
+ }
+ sess->template_job.key_len_in_bytes = 32;
+ sess->template_job.iv_len_in_bytes = 16;
+ memcpy(sess->cipher.snow_v_cipher_key, xform->cipher.key.data,
+ xform->cipher.key.length);
+ sess->template_job.enc_keys = sess->cipher.snow_v_cipher_key;
+ sess->template_job.dec_keys = sess->cipher.snow_v_cipher_key;
#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
} else if (is_sm4) {
sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
@@ -724,6 +741,26 @@ aesni_mb_set_session_aead_parameters(IMB_MGR *mb_mgr,
return -EINVAL;
}
break;
+ case RTE_CRYPTO_AEAD_SNOW_V:
+ sess->template_job.cipher_mode = IMB_CIPHER_SNOW_V_AEAD;
+ sess->template_job.hash_alg = IMB_AUTH_SNOW_V_AEAD;
+ sess->template_job.u.SNOW_V_AEAD.aad_len_in_bytes =
+ xform->aead.aad_length;
+
+ if (xform->aead.key.length != 32) {
+ IPSEC_MB_LOG(ERR, "Invalid key length");
+ return -EINVAL;
+ }
+ sess->template_job.key_len_in_bytes = 32;
+ memcpy(sess->cipher.snow_v_cipher_key, xform->cipher.key.data,
+ xform->cipher.key.length);
+ sess->template_job.enc_keys = sess->cipher.snow_v_cipher_key;
+ sess->template_job.dec_keys = sess->cipher.snow_v_cipher_key;
+ if (sess->auth.req_digest_len != 16) {
+ IPSEC_MB_LOG(ERR, "Invalid digest size");
+ return -EINVAL;
+ }
+ break;
#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
case RTE_CRYPTO_AEAD_SM4_GCM:
sess->template_job.cipher_mode = IMB_CIPHER_SM4_GCM;
@@ -1058,6 +1095,10 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
job->u.CHACHA20_POLY1305.aad = aad->va;
break;
+ case IMB_AUTH_SNOW_V_AEAD:
+ job->u.SNOW_V_AEAD.aad = aad->va;
+ break;
+
#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
case IMB_AUTH_SM4_GCM:
job->u.GCM.aad = aad->va;
@@ -1440,7 +1481,8 @@ aesni_mb_digest_appended_in_src(struct rte_crypto_op *op, IMB_JOB *job,
if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3 ||
job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||
- job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {
+ job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN ||
+ job->cipher_mode == IMB_CIPHER_SNOW_V) {
cipher_size = (op->sym->cipher.data.offset >> 3) +
(op->sym->cipher.data.length >> 3);
} else {
@@ -1586,6 +1628,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
imb_set_session(mb_mgr, job);
}
break;
+ case IMB_AUTH_SNOW_V_AEAD:
+ job->u.SNOW_V_AEAD.aad = op->sym->aead.aad.data;
+ break;
#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
case IMB_AUTH_SM4_GCM:
job->u.GCM.aad = op->sym->aead.aad.data;
@@ -1606,6 +1651,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
m_offset = 0;
else if (cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN)
m_offset = 0;
+ else if (cipher_mode == IMB_CIPHER_SNOW_V)
+ m_offset >>= 3;
/* Set digest output location */
if (job->hash_alg != IMB_AUTH_NULL &&
@@ -1719,6 +1766,14 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->iv.offset);
break;
+ case IMB_AUTH_SNOW_V_AEAD:
+ job->hash_start_src_offset_in_bytes =
+ op->sym->aead.data.offset;
+ job->msg_len_to_hash_in_bytes =
+ op->sym->aead.data.length;
+ job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+ session->iv.offset);
+ break;
#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
case IMB_AUTH_SM4_GCM:
job->hash_start_src_offset_in_bytes = 0;
@@ -1747,8 +1802,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
}
switch (job->cipher_mode) {
- /* ZUC requires length and offset in bytes */
+ /* ZUC and SNOW V requires length and offset in bytes */
case IMB_CIPHER_ZUC_EEA3:
+ case IMB_CIPHER_SNOW_V:
job->cipher_start_src_offset_in_bytes =
op->sym->cipher.data.offset >> 3;
job->msg_len_to_cipher_in_bytes =
@@ -1778,6 +1834,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->msg_len_to_cipher_in_bytes = 0;
job->cipher_start_src_offset_in_bytes = 0;
break;
+ case IMB_CIPHER_SNOW_V_AEAD:
+ job->cipher_start_src_offset_in_bytes =
+ op->sym->aead.data.offset;
+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+ break;
#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
case IMB_CIPHER_SM4_GCM:
job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
@@ -2034,7 +2095,8 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
int unencrypted_bytes = 0;
if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||
job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN ||
- job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
+ job->cipher_mode == IMB_CIPHER_ZUC_EEA3 ||
+ job->cipher_mode == IMB_CIPHER_SNOW_V) {
cipher_size = (op->sym->cipher.data.offset >> 3) +
(op->sym->cipher.data.length >> 3);
} else {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 66e8e732ff..6f2eb27ba3 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -725,6 +725,56 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SNOW V */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SNOW_V,
+ .block_size = 16,
+ .key_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SNOW V AEAD */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_SNOW_V,
+ .block_size = 64,
+ .key_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 1024,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
{ /* SM3 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -1028,6 +1078,8 @@ struct __rte_cache_aligned aesni_mb_session {
/* *< Expanded GCM key */
uint8_t zuc_cipher_key[32];
/* *< ZUC cipher key */
+ uint8_t snow_v_cipher_key[32];
+ /* *< SNOW V cipher key */
snow3g_key_schedule_t pKeySched_snow3g_cipher;
/* *< SNOW3G scheduled cipher key */
kasumi_key_sched_t pKeySched_kasumi_cipher;
--
2.43.0
next prev parent reply other threads:[~2025-04-11 10:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-11 10:09 [PATCH v2 0/5] add SNOW-V support in ipsec_mb PMD Radu Nicolau
2025-04-11 10:09 ` Radu Nicolau [this message]
2025-04-11 10:09 ` [PATCH v2 2/5] examples/l2fwd-crypto: add support for SNOW-V Radu Nicolau
2025-04-11 10:09 ` [PATCH v2 3/5] tests: add unit tests and test vectors " Radu Nicolau
2025-04-11 10:09 ` [PATCH v2 4/5] app/crypto-perf: add support " Radu Nicolau
2025-04-11 10:09 ` [PATCH v2 5/5] app/eventdev: update eventdev app " Radu Nicolau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250411101425.3041736-2-radu.nicolau@intel.com \
--to=radu.nicolau@intel.com \
--cc=dev@dpdk.org \
--cc=kai.ji@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).