* [dpdk-dev] [PATCH 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 @ 2020-09-11 11:18 Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara ` (2 more replies) 0 siblings, 3 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 11:18 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- doc/guides/cryptodevs/aesni_mb.rst | 36 ++--- doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 4 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 127 ++++++++++-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 60 ++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 47 +++++++ 6 files changed, 204 insertions(+), 72 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 15388d20a..0cb58bfe5 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -32,23 +32,25 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_CBC * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI - -Hash algorithms: - -* RTE_CRYPTO_HASH_MD5_HMAC -* RTE_CRYPTO_HASH_SHA1_HMAC -* RTE_CRYPTO_HASH_SHA224_HMAC -* RTE_CRYPTO_HASH_SHA256_HMAC -* RTE_CRYPTO_HASH_SHA384_HMAC -* RTE_CRYPTO_HASH_SHA512_HMAC -* RTE_CRYPTO_HASH_AES_XCBC_HMAC -* RTE_CRYPTO_HASH_AES_CMAC -* RTE_CRYPTO_HASH_AES_GMAC -* RTE_CRYPTO_HASH_SHA1 -* RTE_CRYPTO_HASH_SHA224 -* RTE_CRYPTO_HASH_SHA256 -* RTE_CRYPTO_HASH_SHA384 -* RTE_CRYPTO_HASH_SHA512 +* RTE_CRYPTO_CIPHER_ZUC_EEA3 + +Authentication algorithms: + +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 38d255aff..47210333c 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -30,6 +30,7 @@ AES DOCSIS BPI = Y DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y +ZUC EEA3 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -49,6 +50,7 @@ SHA512 HMAC = Y AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y +ZUC EIA3 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index df227a177..1dc822cb7 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated the AESNI MB crypto PMD.** + + * Added support for ZUC-EEA3/EIA3 algorithms. + Removed Items ------------- diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..5dd94a87a 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver; /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 static const unsigned auth_blocksize[] = { - [NULL_HASH] = 0, - [MD5] = 64, - [SHA1] = 64, - [SHA_224] = 64, - [SHA_256] = 64, - [SHA_384] = 128, - [SHA_512] = 128, - [AES_XCBC] = 16, - [AES_CCM] = 16, - [AES_CMAC] = 16, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 64, - [PLAIN_SHA_224] = 64, - [PLAIN_SHA_256] = 64, - [PLAIN_SHA_384] = 128, - [PLAIN_SHA_512] = 128 + [NULL_HASH] = 0, + [MD5] = 64, + [SHA1] = 64, + [SHA_224] = 64, + [SHA_256] = 64, + [SHA_384] = 128, + [SHA_512] = 128, + [AES_XCBC] = 16, + [AES_CCM] = 16, + [AES_CMAC] = 16, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 64, + [PLAIN_SHA_224] = 64, + [PLAIN_SHA_256] = 64, + [PLAIN_SHA_384] = 128, + [PLAIN_SHA_512] = 128, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 +#endif }; /** @@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo) } static const unsigned auth_truncated_digest_byte_lengths[] = { - [MD5] = 12, - [SHA1] = 12, - [SHA_224] = 14, - [SHA_256] = 16, - [SHA_384] = 24, - [SHA_512] = 32, - [AES_XCBC] = 12, - [AES_CMAC] = 12, - [AES_CCM] = 8, - [NULL_HASH] = 0, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 12, + [SHA1] = 12, + [SHA_224] = 14, + [SHA_256] = 16, + [SHA_384] = 24, + [SHA_512] = 32, + [AES_XCBC] = 12, + [AES_CMAC] = 12, + [AES_CCM] = 8, + [NULL_HASH] = 0, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif }; /** @@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo) } static const unsigned auth_digest_byte_lengths[] = { - [MD5] = 16, - [SHA1] = 20, - [SHA_224] = 28, - [SHA_256] = 32, - [SHA_384] = 48, - [SHA_512] = 64, - [AES_XCBC] = 16, - [AES_CMAC] = 16, - [AES_CCM] = 16, - [AES_GMAC] = 12, - [NULL_HASH] = 0, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 16, + [SHA1] = 20, + [SHA_224] = 28, + [SHA_256] = 32, + [SHA_384] = 48, + [SHA_512] = 64, + [AES_XCBC] = 16, + [AES_CMAC] = 16, + [AES_CCM] = 16, + [AES_GMAC] = 12, + [NULL_HASH] = 0, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; @@ -189,6 +198,10 @@ struct aesni_mb_session { uint16_t length; uint16_t offset; } iv; + struct { + uint16_t length; + uint16_t offset; + } auth_iv; /**< IV parameters */ /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns; @@ -209,19 +222,23 @@ struct aesni_mb_session { uint32_t decode[60] __rte_aligned(16); /**< decode key */ } expanded_aes_keys; + /**< Expanded AES keys - Allocating space to + * contain the maximum expanded key size which + * is 240 bytes for 256 bit AES, calculate by: + * ((key size (bytes)) * + * ((number of rounds) + 1)) + */ struct { const void *ks_ptr[3]; uint64_t key[3][16]; } exp_3des_keys; + /**< Expanded 3DES keys */ struct gcm_key_data gcm_key; + /**< Expanded GCM key */ + uint8_t zuc_cipher_key[16]; + /**< ZUC cipher key */ }; - /**< Expanded AES keys - Allocating space to - * contain the maximum expanded key size which - * is 240 bytes for 256 bit AES, calculate by: - * ((key size (bytes)) * - * ((number of rounds) + 1)) - */ } cipher; /** Authentication Parameters */ @@ -260,6 +277,8 @@ struct aesni_mb_session { /**< k3. */ } cmac; /**< Expanded XCBC authentication keys */ + uint8_t zuc_auth_key[16]; + /**< ZUC authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 1bddbcf74..cdc33415a 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return -1; } + /* Set IV parameters */ + sess->auth_iv.offset = xform->auth.iv.offset; + sess->auth_iv.length = xform->auth.iv.length; + /* Set the request digest size */ sess->auth.req_digest_len = xform->auth.digest_length; @@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) { + sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN; + uint16_t zuc_eia3_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN); + if (sess->auth.req_digest_len != zuc_eia3_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); + return 0; + } +#endif + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_aes = 0; uint8_t is_3DES = 0; uint8_t is_docsis = 0; +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + uint8_t is_zuc = 0; +#endif if (xform == NULL) { sess->cipher.mode = NULL_CIPHER; @@ -429,6 +452,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = DES3; is_3DES = 1; break; +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; + is_zuc = 1; + break; +#endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -527,6 +556,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, } sess->cipher.key_length_in_bytes = 24; +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + } else if (is_zuc) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, + 16); +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -693,6 +732,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, /* Default IV length = 0 */ sess->iv.length = 0; + sess->auth_iv.length = 0; ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform); if (ret != 0) { @@ -1168,7 +1208,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; - +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + case IMB_AUTH_ZUC_EIA3_BITLEN: + job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; + job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; +#endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer; @@ -1186,6 +1232,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { + job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; + job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } +#endif + if (!op->sym->m_dst) { /* in-place operation */ m_dst = m_src; @@ -1286,6 +1339,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) + job->msg_len_to_cipher_in_bytes >>= 3; +#endif + /* Set user data to be crypto operation data struct */ job->user_data = op; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..487db6330 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -497,6 +497,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + { /* ZUC (EIA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC (EEA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, +#endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 2020-09-11 11:18 [dpdk-dev] [PATCH 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara @ 2020-09-11 11:19 ` Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-09-11 11:37 ` [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 11:19 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 13 +++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 47 ++++++++++++++++--- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 45 ++++++++++++++++++ 6 files changed, 101 insertions(+), 9 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 0cb58bfe5..12bcafcba 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -33,6 +33,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 Authentication algorithms: @@ -51,6 +52,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA384 * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 47210333c..76a0fd149 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -31,6 +31,7 @@ DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y +SNOW3G UEA2 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -51,6 +52,7 @@ AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y +SNOW3G UIA2 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index 1dc822cb7..ee8dff904 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -58,6 +58,7 @@ New Features * **Updated the AESNI MB crypto PMD.** * Added support for ZUC-EEA3/EIA3 algorithms. + * Added support for SNOW3G-UEA2/UIA2 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 5dd94a87a..7a0a27dd7 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -56,7 +56,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_384] = 128, [PLAIN_SHA_512] = 128, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) - [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 #endif }; @@ -90,7 +91,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif }; @@ -125,7 +127,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -238,6 +241,8 @@ struct aesni_mb_session { /**< Expanded GCM key */ uint8_t zuc_cipher_key[16]; /**< ZUC cipher key */ + snow3g_key_schedule_t pKeySched_snow3g_cipher; + /**< SNOW3G scheduled cipher key */ }; } cipher; @@ -279,6 +284,8 @@ struct aesni_mb_session { /**< Expanded XCBC authentication keys */ uint8_t zuc_auth_key[16]; /**< ZUC authentication key */ + snow3g_key_schedule_t pKeySched_snow3g_auth; + /**< SNOW3G scheduled authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index cdc33415a..fcb80f63f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN; + uint16_t snow3g_uia2_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN); + if (sess->auth.req_digest_len != snow3g_uia2_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_snow3g_auth); + return 0; } #endif @@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_docsis = 0; #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) uint8_t is_zuc = 0; + uint8_t is_snow3g = 0; #endif if (xform == NULL) { @@ -457,6 +471,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; is_zuc = 1; break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; + is_snow3g = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -565,6 +583,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, 16); + } else if (is_snow3g) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_snow3g_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1214,6 +1240,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_SNOW3G_UIA2_BITLEN: + job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth; + job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1232,10 +1263,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) + m_offset = op->sym->aead.data.offset; + else + m_offset = op->sym->cipher.data.offset; + #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; + m_offset = 0; } #endif @@ -1253,12 +1293,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, oop = 1; } - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) - m_offset = op->sym->aead.data.offset; - else - m_offset = op->sym->cipher.data.offset; - /* Set digest output location */ if (job->hash_alg != NULL_HASH && session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { @@ -1327,6 +1361,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; default: + /* For SNOW3G, length and offsets are already in bits */ job->cipher_start_src_offset_in_bytes = op->sym->cipher.data.offset; job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 487db6330..87f2f0dab 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -543,6 +543,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SNOW 3G (UIA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SNOW 3G (UEA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: support KASUMI F8/F9 2020-09-11 11:18 [dpdk-dev] [PATCH 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara @ 2020-09-11 11:19 ` Pablo de Lara 2020-09-11 11:37 ` [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 11:19 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 13 ++++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 34 +++++++++++++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 41 +++++++++++++++++++ 6 files changed, 90 insertions(+), 3 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12bcafcba..85c462e62 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -34,6 +34,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Authentication algorithms: @@ -53,6 +54,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 * RTE_CRYPTO_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_KASUMI_F9 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 76a0fd149..f70adcec9 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -32,6 +32,7 @@ DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y SNOW3G UEA2 = Y +KASUMI F8 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -53,6 +54,7 @@ AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y SNOW3G UIA2 = Y +KASUMI F9 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index ee8dff904..2b6370025 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -59,6 +59,7 @@ New Features * Added support for ZUC-EEA3/EIA3 algorithms. * Added support for SNOW3G-UEA2/UIA2 algorithms. + * Added support for KASUMI-F8/F9 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 7a0a27dd7..c8f1eff1f 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -57,7 +57,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_512] = 128, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16, + [IMB_AUTH_KASUMI_UIA1] = 16 #endif }; @@ -92,7 +93,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif }; @@ -128,7 +130,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -243,6 +246,8 @@ struct aesni_mb_session { /**< ZUC cipher key */ snow3g_key_schedule_t pKeySched_snow3g_cipher; /**< SNOW3G scheduled cipher key */ + kasumi_key_sched_t pKeySched_kasumi_cipher; + /**< KASUMI scheduled cipher key */ }; } cipher; @@ -286,6 +291,8 @@ struct aesni_mb_session { /**< ZUC authentication key */ snow3g_key_schedule_t pKeySched_snow3g_auth; /**< SNOW3G scheduled authentication key */ + kasumi_key_sched_t pKeySched_kasumi_auth; + /**< KASUMI scheduled authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index fcb80f63f..0a5af31fb 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -279,6 +279,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, &sess->auth.pKeySched_snow3g_auth); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) { + sess->auth.algo = IMB_AUTH_KASUMI_UIA1; + uint16_t kasumi_f9_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1); + if (sess->auth.req_digest_len != kasumi_f9_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_kasumi_auth); + return 0; } #endif @@ -417,6 +430,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) uint8_t is_zuc = 0; uint8_t is_snow3g = 0; + uint8_t is_kasumi = 0; #endif if (xform == NULL) { @@ -475,6 +489,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; is_snow3g = 1; break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN; + is_kasumi = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -591,6 +609,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, &sess->cipher.pKeySched_snow3g_cipher); + } else if (is_kasumi) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_kasumi_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1245,6 +1271,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_KASUMI_UIA1: + job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth; + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1276,6 +1305,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; m_offset = 0; + } else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_kasumi_cipher; + m_offset = 0; } #endif @@ -1377,6 +1409,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) job->msg_len_to_cipher_in_bytes >>= 3; + else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) + job->msg_len_to_hash_in_bytes >>= 3; #endif /* Set user data to be crypto operation data struct */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 87f2f0dab..1c292cf4b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -588,6 +588,47 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* KASUMI (F9) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_KASUMI_F9, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* KASUMI (F8) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_KASUMI_F8, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 2020-09-11 11:18 [dpdk-dev] [PATCH 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara @ 2020-09-11 11:37 ` Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara ` (2 more replies) 2 siblings, 3 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 11:37 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v2: - Added commit description - Fixed checkpatch issues --- doc/guides/cryptodevs/aesni_mb.rst | 36 ++--- doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 4 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 127 ++++++++++-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 62 ++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 47 +++++++ 6 files changed, 205 insertions(+), 73 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 15388d20a..0cb58bfe5 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -32,23 +32,25 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_CBC * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI - -Hash algorithms: - -* RTE_CRYPTO_HASH_MD5_HMAC -* RTE_CRYPTO_HASH_SHA1_HMAC -* RTE_CRYPTO_HASH_SHA224_HMAC -* RTE_CRYPTO_HASH_SHA256_HMAC -* RTE_CRYPTO_HASH_SHA384_HMAC -* RTE_CRYPTO_HASH_SHA512_HMAC -* RTE_CRYPTO_HASH_AES_XCBC_HMAC -* RTE_CRYPTO_HASH_AES_CMAC -* RTE_CRYPTO_HASH_AES_GMAC -* RTE_CRYPTO_HASH_SHA1 -* RTE_CRYPTO_HASH_SHA224 -* RTE_CRYPTO_HASH_SHA256 -* RTE_CRYPTO_HASH_SHA384 -* RTE_CRYPTO_HASH_SHA512 +* RTE_CRYPTO_CIPHER_ZUC_EEA3 + +Authentication algorithms: + +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 38d255aff..47210333c 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -30,6 +30,7 @@ AES DOCSIS BPI = Y DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y +ZUC EEA3 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -49,6 +50,7 @@ SHA512 HMAC = Y AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y +ZUC EIA3 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index df227a177..1dc822cb7 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated the AESNI MB crypto PMD.** + + * Added support for ZUC-EEA3/EIA3 algorithms. + Removed Items ------------- diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..601ab9a40 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver; /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 static const unsigned auth_blocksize[] = { - [NULL_HASH] = 0, - [MD5] = 64, - [SHA1] = 64, - [SHA_224] = 64, - [SHA_256] = 64, - [SHA_384] = 128, - [SHA_512] = 128, - [AES_XCBC] = 16, - [AES_CCM] = 16, - [AES_CMAC] = 16, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 64, - [PLAIN_SHA_224] = 64, - [PLAIN_SHA_256] = 64, - [PLAIN_SHA_384] = 128, - [PLAIN_SHA_512] = 128 + [NULL_HASH] = 0, + [MD5] = 64, + [SHA1] = 64, + [SHA_224] = 64, + [SHA_256] = 64, + [SHA_384] = 128, + [SHA_512] = 128, + [AES_XCBC] = 16, + [AES_CCM] = 16, + [AES_CMAC] = 16, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 64, + [PLAIN_SHA_224] = 64, + [PLAIN_SHA_256] = 64, + [PLAIN_SHA_384] = 128, + [PLAIN_SHA_512] = 128, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 +#endif }; /** @@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo) } static const unsigned auth_truncated_digest_byte_lengths[] = { - [MD5] = 12, - [SHA1] = 12, - [SHA_224] = 14, - [SHA_256] = 16, - [SHA_384] = 24, - [SHA_512] = 32, - [AES_XCBC] = 12, - [AES_CMAC] = 12, - [AES_CCM] = 8, - [NULL_HASH] = 0, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 12, + [SHA1] = 12, + [SHA_224] = 14, + [SHA_256] = 16, + [SHA_384] = 24, + [SHA_512] = 32, + [AES_XCBC] = 12, + [AES_CMAC] = 12, + [AES_CCM] = 8, + [NULL_HASH] = 0, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif }; /** @@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo) } static const unsigned auth_digest_byte_lengths[] = { - [MD5] = 16, - [SHA1] = 20, - [SHA_224] = 28, - [SHA_256] = 32, - [SHA_384] = 48, - [SHA_512] = 64, - [AES_XCBC] = 16, - [AES_CMAC] = 16, - [AES_CCM] = 16, - [AES_GMAC] = 12, - [NULL_HASH] = 0, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 16, + [SHA1] = 20, + [SHA_224] = 28, + [SHA_256] = 32, + [SHA_384] = 48, + [SHA_512] = 64, + [AES_XCBC] = 16, + [AES_CMAC] = 16, + [AES_CCM] = 16, + [AES_GMAC] = 12, + [NULL_HASH] = 0, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; @@ -189,6 +198,10 @@ struct aesni_mb_session { uint16_t length; uint16_t offset; } iv; + struct { + uint16_t length; + uint16_t offset; + } auth_iv; /**< IV parameters */ /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns; @@ -209,19 +222,23 @@ struct aesni_mb_session { uint32_t decode[60] __rte_aligned(16); /**< decode key */ } expanded_aes_keys; + /**< Expanded AES keys - Allocating space to + * contain the maximum expanded key size which + * is 240 bytes for 256 bit AES, calculate by: + * ((key size (bytes)) * + * ((number of rounds) + 1)) + */ struct { const void *ks_ptr[3]; uint64_t key[3][16]; } exp_3des_keys; + /**< Expanded 3DES keys */ struct gcm_key_data gcm_key; + /**< Expanded GCM key */ + uint8_t zuc_cipher_key[16]; + /**< ZUC cipher key */ }; - /**< Expanded AES keys - Allocating space to - * contain the maximum expanded key size which - * is 240 bytes for 256 bit AES, calculate by: - * ((key size (bytes)) * - * ((number of rounds) + 1)) - */ } cipher; /** Authentication Parameters */ @@ -260,6 +277,8 @@ struct aesni_mb_session { /**< k3. */ } cmac; /**< Expanded XCBC authentication keys */ + uint8_t zuc_auth_key[16]; + /**< ZUC authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 1bddbcf74..54023e013 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return -1; } + /* Set IV parameters */ + sess->auth_iv.offset = xform->auth.iv.offset; + sess->auth_iv.length = xform->auth.iv.length; + /* Set the request digest size */ sess->auth.req_digest_len = xform->auth.digest_length; @@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) { + sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN; + uint16_t zuc_eia3_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN); + if (sess->auth.req_digest_len != zuc_eia3_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); + return 0; + } +#endif + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_aes = 0; uint8_t is_3DES = 0; uint8_t is_docsis = 0; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + uint8_t is_zuc = 0; +#endif if (xform == NULL) { sess->cipher.mode = NULL_CIPHER; @@ -429,6 +452,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = DES3; is_3DES = 1; break; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; + is_zuc = 1; + break; +#endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -471,7 +500,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.expanded_aes_keys.encode, sess->cipher.expanded_aes_keys.decode); break; -#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM case AES_256_BYTES: sess->cipher.key_length_in_bytes = AES_256_BYTES; IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data, @@ -527,6 +556,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, } sess->cipher.key_length_in_bytes = 24; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + } else if (is_zuc) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, + 16); +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -693,6 +732,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, /* Default IV length = 0 */ sess->iv.length = 0; + sess->auth_iv.length = 0; ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform); if (ret != 0) { @@ -1168,7 +1208,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; - +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case IMB_AUTH_ZUC_EIA3_BITLEN: + job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; + job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; +#endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer; @@ -1186,6 +1232,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { + job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; + job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } +#endif + if (!op->sym->m_dst) { /* in-place operation */ m_dst = m_src; @@ -1286,6 +1339,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) + job->msg_len_to_cipher_in_bytes >>= 3; +#endif + /* Set user data to be crypto operation data struct */ job->user_data = op; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..f4c4f56fe 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -497,6 +497,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + { /* ZUC (EIA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC (EEA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, +#endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 2020-09-11 11:37 ` [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara @ 2020-09-11 11:38 ` Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 11:38 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 7 +++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 47 ++++++++++++++++--- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 45 ++++++++++++++++++ 6 files changed, 98 insertions(+), 6 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 0cb58bfe5..12bcafcba 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -33,6 +33,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 Authentication algorithms: @@ -51,6 +52,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA384 * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 47210333c..76a0fd149 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -31,6 +31,7 @@ DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y +SNOW3G UEA2 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -51,6 +52,7 @@ AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y +SNOW3G UIA2 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index 1dc822cb7..ee8dff904 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -58,6 +58,7 @@ New Features * **Updated the AESNI MB crypto PMD.** * Added support for ZUC-EEA3/EIA3 algorithms. + * Added support for SNOW3G-UEA2/UIA2 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 601ab9a40..75d01264e 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -57,6 +57,7 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 #endif }; @@ -91,6 +92,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif }; @@ -126,6 +128,7 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -238,6 +241,8 @@ struct aesni_mb_session { /**< Expanded GCM key */ uint8_t zuc_cipher_key[16]; /**< ZUC cipher key */ + snow3g_key_schedule_t pKeySched_snow3g_cipher; + /**< SNOW3G scheduled cipher key */ }; } cipher; @@ -279,6 +284,8 @@ struct aesni_mb_session { /**< Expanded XCBC authentication keys */ uint8_t zuc_auth_key[16]; /**< ZUC authentication key */ + snow3g_key_schedule_t pKeySched_snow3g_auth; + /**< SNOW3G scheduled authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 54023e013..42f89a955 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN; + uint16_t snow3g_uia2_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN); + if (sess->auth.req_digest_len != snow3g_uia2_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_snow3g_auth); + return 0; } #endif @@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_docsis = 0; #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; + uint8_t is_snow3g = 0; #endif if (xform == NULL) { @@ -457,6 +471,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; is_zuc = 1; break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; + is_snow3g = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -565,6 +583,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, 16); + } else if (is_snow3g) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_snow3g_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1214,6 +1240,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_SNOW3G_UIA2_BITLEN: + job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth; + job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1232,10 +1263,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) + m_offset = op->sym->aead.data.offset; + else + m_offset = op->sym->cipher.data.offset; + #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; + m_offset = 0; } #endif @@ -1253,12 +1293,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, oop = 1; } - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) - m_offset = op->sym->aead.data.offset; - else - m_offset = op->sym->cipher.data.offset; - /* Set digest output location */ if (job->hash_alg != NULL_HASH && session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { @@ -1327,6 +1361,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; default: + /* For SNOW3G, length and offsets are already in bits */ job->cipher_start_src_offset_in_bytes = op->sym->cipher.data.offset; job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f4c4f56fe..9554ff0e7 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -543,6 +543,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SNOW 3G (UIA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SNOW 3G (UEA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v2 3/3] crypto/aesni_mb: support KASUMI F8/F9 2020-09-11 11:37 ` [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara @ 2020-09-11 11:38 ` Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 11:38 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 7 ++++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 34 +++++++++++++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 41 +++++++++++++++++++ 6 files changed, 87 insertions(+) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12bcafcba..85c462e62 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -34,6 +34,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Authentication algorithms: @@ -53,6 +54,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 * RTE_CRYPTO_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_KASUMI_F9 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 76a0fd149..f70adcec9 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -32,6 +32,7 @@ DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y SNOW3G UEA2 = Y +KASUMI F8 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -53,6 +54,7 @@ AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y SNOW3G UIA2 = Y +KASUMI F9 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index ee8dff904..2b6370025 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -59,6 +59,7 @@ New Features * Added support for ZUC-EEA3/EIA3 algorithms. * Added support for SNOW3G-UEA2/UIA2 algorithms. + * Added support for KASUMI-F8/F9 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 75d01264e..0177b9180 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -58,6 +58,7 @@ static const unsigned auth_blocksize[] = { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 + [IMB_AUTH_KASUMI_UIA1] = 16 #endif }; @@ -93,6 +94,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_KASUMI_UIA1] = 4 #endif }; @@ -129,6 +131,7 @@ static const unsigned auth_digest_byte_lengths[] = { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_KASUMI_UIA1] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -243,6 +246,8 @@ struct aesni_mb_session { /**< ZUC cipher key */ snow3g_key_schedule_t pKeySched_snow3g_cipher; /**< SNOW3G scheduled cipher key */ + kasumi_key_sched_t pKeySched_kasumi_cipher; + /**< KASUMI scheduled cipher key */ }; } cipher; @@ -286,6 +291,8 @@ struct aesni_mb_session { /**< ZUC authentication key */ snow3g_key_schedule_t pKeySched_snow3g_auth; /**< SNOW3G scheduled authentication key */ + kasumi_key_sched_t pKeySched_kasumi_auth; + /**< KASUMI scheduled authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 42f89a955..df4d86d0f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -279,6 +279,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, &sess->auth.pKeySched_snow3g_auth); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) { + sess->auth.algo = IMB_AUTH_KASUMI_UIA1; + uint16_t kasumi_f9_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1); + if (sess->auth.req_digest_len != kasumi_f9_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_kasumi_auth); + return 0; } #endif @@ -417,6 +430,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; uint8_t is_snow3g = 0; + uint8_t is_kasumi = 0; #endif if (xform == NULL) { @@ -475,6 +489,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; is_snow3g = 1; break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN; + is_kasumi = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -591,6 +609,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, &sess->cipher.pKeySched_snow3g_cipher); + } else if (is_kasumi) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_kasumi_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1245,6 +1271,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_KASUMI_UIA1: + job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth; + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1276,6 +1305,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; m_offset = 0; + } else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_kasumi_cipher; + m_offset = 0; } #endif @@ -1377,6 +1409,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) job->msg_len_to_cipher_in_bytes >>= 3; + else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) + job->msg_len_to_hash_in_bytes >>= 3; #endif /* Set user data to be crypto operation data struct */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 9554ff0e7..7f5ef66c5 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -588,6 +588,47 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* KASUMI (F9) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_KASUMI_F9, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* KASUMI (F8) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_KASUMI_F8, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 2020-09-11 11:37 ` [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara @ 2020-09-11 15:54 ` Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara ` (2 more replies) 2 siblings, 3 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 15:54 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v3: - No changes v2: - Added commit description - Fixed checkpatch issues --- doc/guides/cryptodevs/aesni_mb.rst | 36 ++--- doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 4 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 127 ++++++++++-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 62 ++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 47 +++++++ 6 files changed, 205 insertions(+), 73 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 15388d20a..0cb58bfe5 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -32,23 +32,25 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_CBC * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI - -Hash algorithms: - -* RTE_CRYPTO_HASH_MD5_HMAC -* RTE_CRYPTO_HASH_SHA1_HMAC -* RTE_CRYPTO_HASH_SHA224_HMAC -* RTE_CRYPTO_HASH_SHA256_HMAC -* RTE_CRYPTO_HASH_SHA384_HMAC -* RTE_CRYPTO_HASH_SHA512_HMAC -* RTE_CRYPTO_HASH_AES_XCBC_HMAC -* RTE_CRYPTO_HASH_AES_CMAC -* RTE_CRYPTO_HASH_AES_GMAC -* RTE_CRYPTO_HASH_SHA1 -* RTE_CRYPTO_HASH_SHA224 -* RTE_CRYPTO_HASH_SHA256 -* RTE_CRYPTO_HASH_SHA384 -* RTE_CRYPTO_HASH_SHA512 +* RTE_CRYPTO_CIPHER_ZUC_EEA3 + +Authentication algorithms: + +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 38d255aff..47210333c 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -30,6 +30,7 @@ AES DOCSIS BPI = Y DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y +ZUC EEA3 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -49,6 +50,7 @@ SHA512 HMAC = Y AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y +ZUC EIA3 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index df227a177..1dc822cb7 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated the AESNI MB crypto PMD.** + + * Added support for ZUC-EEA3/EIA3 algorithms. + Removed Items ------------- diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..601ab9a40 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver; /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 static const unsigned auth_blocksize[] = { - [NULL_HASH] = 0, - [MD5] = 64, - [SHA1] = 64, - [SHA_224] = 64, - [SHA_256] = 64, - [SHA_384] = 128, - [SHA_512] = 128, - [AES_XCBC] = 16, - [AES_CCM] = 16, - [AES_CMAC] = 16, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 64, - [PLAIN_SHA_224] = 64, - [PLAIN_SHA_256] = 64, - [PLAIN_SHA_384] = 128, - [PLAIN_SHA_512] = 128 + [NULL_HASH] = 0, + [MD5] = 64, + [SHA1] = 64, + [SHA_224] = 64, + [SHA_256] = 64, + [SHA_384] = 128, + [SHA_512] = 128, + [AES_XCBC] = 16, + [AES_CCM] = 16, + [AES_CMAC] = 16, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 64, + [PLAIN_SHA_224] = 64, + [PLAIN_SHA_256] = 64, + [PLAIN_SHA_384] = 128, + [PLAIN_SHA_512] = 128, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 +#endif }; /** @@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo) } static const unsigned auth_truncated_digest_byte_lengths[] = { - [MD5] = 12, - [SHA1] = 12, - [SHA_224] = 14, - [SHA_256] = 16, - [SHA_384] = 24, - [SHA_512] = 32, - [AES_XCBC] = 12, - [AES_CMAC] = 12, - [AES_CCM] = 8, - [NULL_HASH] = 0, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 12, + [SHA1] = 12, + [SHA_224] = 14, + [SHA_256] = 16, + [SHA_384] = 24, + [SHA_512] = 32, + [AES_XCBC] = 12, + [AES_CMAC] = 12, + [AES_CCM] = 8, + [NULL_HASH] = 0, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif }; /** @@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo) } static const unsigned auth_digest_byte_lengths[] = { - [MD5] = 16, - [SHA1] = 20, - [SHA_224] = 28, - [SHA_256] = 32, - [SHA_384] = 48, - [SHA_512] = 64, - [AES_XCBC] = 16, - [AES_CMAC] = 16, - [AES_CCM] = 16, - [AES_GMAC] = 12, - [NULL_HASH] = 0, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 16, + [SHA1] = 20, + [SHA_224] = 28, + [SHA_256] = 32, + [SHA_384] = 48, + [SHA_512] = 64, + [AES_XCBC] = 16, + [AES_CMAC] = 16, + [AES_CCM] = 16, + [AES_GMAC] = 12, + [NULL_HASH] = 0, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; @@ -189,6 +198,10 @@ struct aesni_mb_session { uint16_t length; uint16_t offset; } iv; + struct { + uint16_t length; + uint16_t offset; + } auth_iv; /**< IV parameters */ /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns; @@ -209,19 +222,23 @@ struct aesni_mb_session { uint32_t decode[60] __rte_aligned(16); /**< decode key */ } expanded_aes_keys; + /**< Expanded AES keys - Allocating space to + * contain the maximum expanded key size which + * is 240 bytes for 256 bit AES, calculate by: + * ((key size (bytes)) * + * ((number of rounds) + 1)) + */ struct { const void *ks_ptr[3]; uint64_t key[3][16]; } exp_3des_keys; + /**< Expanded 3DES keys */ struct gcm_key_data gcm_key; + /**< Expanded GCM key */ + uint8_t zuc_cipher_key[16]; + /**< ZUC cipher key */ }; - /**< Expanded AES keys - Allocating space to - * contain the maximum expanded key size which - * is 240 bytes for 256 bit AES, calculate by: - * ((key size (bytes)) * - * ((number of rounds) + 1)) - */ } cipher; /** Authentication Parameters */ @@ -260,6 +277,8 @@ struct aesni_mb_session { /**< k3. */ } cmac; /**< Expanded XCBC authentication keys */ + uint8_t zuc_auth_key[16]; + /**< ZUC authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 1bddbcf74..54023e013 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return -1; } + /* Set IV parameters */ + sess->auth_iv.offset = xform->auth.iv.offset; + sess->auth_iv.length = xform->auth.iv.length; + /* Set the request digest size */ sess->auth.req_digest_len = xform->auth.digest_length; @@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) { + sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN; + uint16_t zuc_eia3_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN); + if (sess->auth.req_digest_len != zuc_eia3_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); + return 0; + } +#endif + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_aes = 0; uint8_t is_3DES = 0; uint8_t is_docsis = 0; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + uint8_t is_zuc = 0; +#endif if (xform == NULL) { sess->cipher.mode = NULL_CIPHER; @@ -429,6 +452,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = DES3; is_3DES = 1; break; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; + is_zuc = 1; + break; +#endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -471,7 +500,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.expanded_aes_keys.encode, sess->cipher.expanded_aes_keys.decode); break; -#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM case AES_256_BYTES: sess->cipher.key_length_in_bytes = AES_256_BYTES; IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data, @@ -527,6 +556,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, } sess->cipher.key_length_in_bytes = 24; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + } else if (is_zuc) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, + 16); +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -693,6 +732,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, /* Default IV length = 0 */ sess->iv.length = 0; + sess->auth_iv.length = 0; ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform); if (ret != 0) { @@ -1168,7 +1208,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; - +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case IMB_AUTH_ZUC_EIA3_BITLEN: + job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; + job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; +#endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer; @@ -1186,6 +1232,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { + job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; + job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } +#endif + if (!op->sym->m_dst) { /* in-place operation */ m_dst = m_src; @@ -1286,6 +1339,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) + job->msg_len_to_cipher_in_bytes >>= 3; +#endif + /* Set user data to be crypto operation data struct */ job->user_data = op; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..f4c4f56fe 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -497,6 +497,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + { /* ZUC (EIA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC (EEA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, +#endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v3 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara @ 2020-09-11 15:54 ` Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 15:54 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v3: - Fixed compilation v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 13 +++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 47 ++++++++++++++++--- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 45 ++++++++++++++++++ 6 files changed, 101 insertions(+), 9 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 0cb58bfe5..12bcafcba 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -33,6 +33,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 Authentication algorithms: @@ -51,6 +52,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA384 * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 47210333c..76a0fd149 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -31,6 +31,7 @@ DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y +SNOW3G UEA2 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -51,6 +52,7 @@ AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y +SNOW3G UIA2 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index 1dc822cb7..ee8dff904 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -58,6 +58,7 @@ New Features * **Updated the AESNI MB crypto PMD.** * Added support for ZUC-EEA3/EIA3 algorithms. + * Added support for SNOW3G-UEA2/UIA2 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 601ab9a40..96b044c92 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -56,7 +56,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_384] = 128, [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 #endif }; @@ -90,7 +91,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif }; @@ -125,7 +127,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -238,6 +241,8 @@ struct aesni_mb_session { /**< Expanded GCM key */ uint8_t zuc_cipher_key[16]; /**< ZUC cipher key */ + snow3g_key_schedule_t pKeySched_snow3g_cipher; + /**< SNOW3G scheduled cipher key */ }; } cipher; @@ -279,6 +284,8 @@ struct aesni_mb_session { /**< Expanded XCBC authentication keys */ uint8_t zuc_auth_key[16]; /**< ZUC authentication key */ + snow3g_key_schedule_t pKeySched_snow3g_auth; + /**< SNOW3G scheduled authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 54023e013..42f89a955 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN; + uint16_t snow3g_uia2_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN); + if (sess->auth.req_digest_len != snow3g_uia2_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_snow3g_auth); + return 0; } #endif @@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_docsis = 0; #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; + uint8_t is_snow3g = 0; #endif if (xform == NULL) { @@ -457,6 +471,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; is_zuc = 1; break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; + is_snow3g = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -565,6 +583,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, 16); + } else if (is_snow3g) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_snow3g_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1214,6 +1240,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_SNOW3G_UIA2_BITLEN: + job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth; + job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1232,10 +1263,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) + m_offset = op->sym->aead.data.offset; + else + m_offset = op->sym->cipher.data.offset; + #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; + m_offset = 0; } #endif @@ -1253,12 +1293,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, oop = 1; } - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) - m_offset = op->sym->aead.data.offset; - else - m_offset = op->sym->cipher.data.offset; - /* Set digest output location */ if (job->hash_alg != NULL_HASH && session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { @@ -1327,6 +1361,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; default: + /* For SNOW3G, length and offsets are already in bits */ job->cipher_start_src_offset_in_bytes = op->sym->cipher.data.offset; job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f4c4f56fe..9554ff0e7 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -543,6 +543,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SNOW 3G (UIA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SNOW 3G (UEA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v3 3/3] crypto/aesni_mb: support KASUMI F8/F9 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara @ 2020-09-11 15:54 ` Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-11 15:54 UTC (permalink / raw) To: dev; +Cc: Pablo de Lara Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v3: - Fixed compilation v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 13 ++++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 34 +++++++++++++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 41 +++++++++++++++++++ 6 files changed, 90 insertions(+), 3 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12bcafcba..85c462e62 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -34,6 +34,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Authentication algorithms: @@ -53,6 +54,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 * RTE_CRYPTO_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_KASUMI_F9 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 76a0fd149..f70adcec9 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -32,6 +32,7 @@ DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y SNOW3G UEA2 = Y +KASUMI F8 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -53,6 +54,7 @@ AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y SNOW3G UIA2 = Y +KASUMI F9 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index ee8dff904..2b6370025 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -59,6 +59,7 @@ New Features * Added support for ZUC-EEA3/EIA3 algorithms. * Added support for SNOW3G-UEA2/UIA2 algorithms. + * Added support for KASUMI-F8/F9 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 96b044c92..e2f36f57c 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -57,7 +57,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16, + [IMB_AUTH_KASUMI_UIA1] = 16 #endif }; @@ -92,7 +93,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif }; @@ -128,7 +130,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -243,6 +246,8 @@ struct aesni_mb_session { /**< ZUC cipher key */ snow3g_key_schedule_t pKeySched_snow3g_cipher; /**< SNOW3G scheduled cipher key */ + kasumi_key_sched_t pKeySched_kasumi_cipher; + /**< KASUMI scheduled cipher key */ }; } cipher; @@ -286,6 +291,8 @@ struct aesni_mb_session { /**< ZUC authentication key */ snow3g_key_schedule_t pKeySched_snow3g_auth; /**< SNOW3G scheduled authentication key */ + kasumi_key_sched_t pKeySched_kasumi_auth; + /**< KASUMI scheduled authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 42f89a955..df4d86d0f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -279,6 +279,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, &sess->auth.pKeySched_snow3g_auth); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) { + sess->auth.algo = IMB_AUTH_KASUMI_UIA1; + uint16_t kasumi_f9_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1); + if (sess->auth.req_digest_len != kasumi_f9_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_kasumi_auth); + return 0; } #endif @@ -417,6 +430,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; uint8_t is_snow3g = 0; + uint8_t is_kasumi = 0; #endif if (xform == NULL) { @@ -475,6 +489,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; is_snow3g = 1; break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN; + is_kasumi = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -591,6 +609,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, &sess->cipher.pKeySched_snow3g_cipher); + } else if (is_kasumi) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_kasumi_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1245,6 +1271,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_KASUMI_UIA1: + job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth; + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1276,6 +1305,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; m_offset = 0; + } else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_kasumi_cipher; + m_offset = 0; } #endif @@ -1377,6 +1409,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) job->msg_len_to_cipher_in_bytes >>= 3; + else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) + job->msg_len_to_hash_in_bytes >>= 3; #endif /* Set user data to be crypto operation data struct */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 9554ff0e7..7f5ef66c5 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -588,6 +588,47 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* KASUMI (F9) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_KASUMI_F9, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* KASUMI (F8) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_KASUMI_F8, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara @ 2020-09-21 11:45 ` Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara ` (2 more replies) 2 siblings, 3 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-21 11:45 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v3/v4: - No changes v2: - Added commit description - Fixed checkpatch issues --- doc/guides/cryptodevs/aesni_mb.rst | 36 ++--- doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 4 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 127 ++++++++++-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 62 ++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 47 +++++++ 6 files changed, 205 insertions(+), 73 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 15388d20a..0cb58bfe5 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -32,23 +32,25 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_CBC * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI - -Hash algorithms: - -* RTE_CRYPTO_HASH_MD5_HMAC -* RTE_CRYPTO_HASH_SHA1_HMAC -* RTE_CRYPTO_HASH_SHA224_HMAC -* RTE_CRYPTO_HASH_SHA256_HMAC -* RTE_CRYPTO_HASH_SHA384_HMAC -* RTE_CRYPTO_HASH_SHA512_HMAC -* RTE_CRYPTO_HASH_AES_XCBC_HMAC -* RTE_CRYPTO_HASH_AES_CMAC -* RTE_CRYPTO_HASH_AES_GMAC -* RTE_CRYPTO_HASH_SHA1 -* RTE_CRYPTO_HASH_SHA224 -* RTE_CRYPTO_HASH_SHA256 -* RTE_CRYPTO_HASH_SHA384 -* RTE_CRYPTO_HASH_SHA512 +* RTE_CRYPTO_CIPHER_ZUC_EEA3 + +Authentication algorithms: + +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 38d255aff..47210333c 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -30,6 +30,7 @@ AES DOCSIS BPI = Y DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y +ZUC EEA3 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -49,6 +50,7 @@ SHA512 HMAC = Y AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y +ZUC EIA3 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index df227a177..1dc822cb7 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated the AESNI MB crypto PMD.** + + * Added support for ZUC-EEA3/EIA3 algorithms. + Removed Items ------------- diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..601ab9a40 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver; /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 static const unsigned auth_blocksize[] = { - [NULL_HASH] = 0, - [MD5] = 64, - [SHA1] = 64, - [SHA_224] = 64, - [SHA_256] = 64, - [SHA_384] = 128, - [SHA_512] = 128, - [AES_XCBC] = 16, - [AES_CCM] = 16, - [AES_CMAC] = 16, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 64, - [PLAIN_SHA_224] = 64, - [PLAIN_SHA_256] = 64, - [PLAIN_SHA_384] = 128, - [PLAIN_SHA_512] = 128 + [NULL_HASH] = 0, + [MD5] = 64, + [SHA1] = 64, + [SHA_224] = 64, + [SHA_256] = 64, + [SHA_384] = 128, + [SHA_512] = 128, + [AES_XCBC] = 16, + [AES_CCM] = 16, + [AES_CMAC] = 16, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 64, + [PLAIN_SHA_224] = 64, + [PLAIN_SHA_256] = 64, + [PLAIN_SHA_384] = 128, + [PLAIN_SHA_512] = 128, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 +#endif }; /** @@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo) } static const unsigned auth_truncated_digest_byte_lengths[] = { - [MD5] = 12, - [SHA1] = 12, - [SHA_224] = 14, - [SHA_256] = 16, - [SHA_384] = 24, - [SHA_512] = 32, - [AES_XCBC] = 12, - [AES_CMAC] = 12, - [AES_CCM] = 8, - [NULL_HASH] = 0, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 12, + [SHA1] = 12, + [SHA_224] = 14, + [SHA_256] = 16, + [SHA_384] = 24, + [SHA_512] = 32, + [AES_XCBC] = 12, + [AES_CMAC] = 12, + [AES_CCM] = 8, + [NULL_HASH] = 0, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif }; /** @@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo) } static const unsigned auth_digest_byte_lengths[] = { - [MD5] = 16, - [SHA1] = 20, - [SHA_224] = 28, - [SHA_256] = 32, - [SHA_384] = 48, - [SHA_512] = 64, - [AES_XCBC] = 16, - [AES_CMAC] = 16, - [AES_CCM] = 16, - [AES_GMAC] = 12, - [NULL_HASH] = 0, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 16, + [SHA1] = 20, + [SHA_224] = 28, + [SHA_256] = 32, + [SHA_384] = 48, + [SHA_512] = 64, + [AES_XCBC] = 16, + [AES_CMAC] = 16, + [AES_CCM] = 16, + [AES_GMAC] = 12, + [NULL_HASH] = 0, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; @@ -189,6 +198,10 @@ struct aesni_mb_session { uint16_t length; uint16_t offset; } iv; + struct { + uint16_t length; + uint16_t offset; + } auth_iv; /**< IV parameters */ /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns; @@ -209,19 +222,23 @@ struct aesni_mb_session { uint32_t decode[60] __rte_aligned(16); /**< decode key */ } expanded_aes_keys; + /**< Expanded AES keys - Allocating space to + * contain the maximum expanded key size which + * is 240 bytes for 256 bit AES, calculate by: + * ((key size (bytes)) * + * ((number of rounds) + 1)) + */ struct { const void *ks_ptr[3]; uint64_t key[3][16]; } exp_3des_keys; + /**< Expanded 3DES keys */ struct gcm_key_data gcm_key; + /**< Expanded GCM key */ + uint8_t zuc_cipher_key[16]; + /**< ZUC cipher key */ }; - /**< Expanded AES keys - Allocating space to - * contain the maximum expanded key size which - * is 240 bytes for 256 bit AES, calculate by: - * ((key size (bytes)) * - * ((number of rounds) + 1)) - */ } cipher; /** Authentication Parameters */ @@ -260,6 +277,8 @@ struct aesni_mb_session { /**< k3. */ } cmac; /**< Expanded XCBC authentication keys */ + uint8_t zuc_auth_key[16]; + /**< ZUC authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 1bddbcf74..54023e013 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return -1; } + /* Set IV parameters */ + sess->auth_iv.offset = xform->auth.iv.offset; + sess->auth_iv.length = xform->auth.iv.length; + /* Set the request digest size */ sess->auth.req_digest_len = xform->auth.digest_length; @@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) { + sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN; + uint16_t zuc_eia3_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN); + if (sess->auth.req_digest_len != zuc_eia3_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); + return 0; + } +#endif + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_aes = 0; uint8_t is_3DES = 0; uint8_t is_docsis = 0; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + uint8_t is_zuc = 0; +#endif if (xform == NULL) { sess->cipher.mode = NULL_CIPHER; @@ -429,6 +452,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = DES3; is_3DES = 1; break; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; + is_zuc = 1; + break; +#endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -471,7 +500,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.expanded_aes_keys.encode, sess->cipher.expanded_aes_keys.decode); break; -#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM case AES_256_BYTES: sess->cipher.key_length_in_bytes = AES_256_BYTES; IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data, @@ -527,6 +556,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, } sess->cipher.key_length_in_bytes = 24; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + } else if (is_zuc) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, + 16); +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -693,6 +732,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, /* Default IV length = 0 */ sess->iv.length = 0; + sess->auth_iv.length = 0; ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform); if (ret != 0) { @@ -1168,7 +1208,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; - +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case IMB_AUTH_ZUC_EIA3_BITLEN: + job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; + job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; +#endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer; @@ -1186,6 +1232,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { + job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; + job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } +#endif + if (!op->sym->m_dst) { /* in-place operation */ m_dst = m_src; @@ -1286,6 +1339,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) + job->msg_len_to_cipher_in_bytes >>= 3; +#endif + /* Set user data to be crypto operation data struct */ job->user_data = op; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..f4c4f56fe 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -497,6 +497,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + { /* ZUC (EIA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC (EEA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, +#endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v4 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara @ 2020-09-21 11:45 ` Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-21 11:45 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v3/v4: - Fixed compilation when intel-ipsec-mb version is lower than 0.54 v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 17 +++++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 47 ++++++++++++++++--- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 45 ++++++++++++++++++ 6 files changed, 105 insertions(+), 9 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 0cb58bfe5..12bcafcba 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -33,6 +33,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 Authentication algorithms: @@ -51,6 +52,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA384 * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 47210333c..76a0fd149 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -31,6 +31,7 @@ DES CBC = Y 3DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y +SNOW3G UEA2 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -51,6 +52,7 @@ AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y +SNOW3G UIA2 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index 1dc822cb7..ee8dff904 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -58,6 +58,7 @@ New Features * **Updated the AESNI MB crypto PMD.** * Added support for ZUC-EEA3/EIA3 algorithms. + * Added support for SNOW3G-UEA2/UIA2 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 601ab9a40..85039dbf2 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -56,7 +56,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_384] = 128, [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 #endif }; @@ -90,7 +91,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif }; @@ -125,7 +127,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -238,6 +241,10 @@ struct aesni_mb_session { /**< Expanded GCM key */ uint8_t zuc_cipher_key[16]; /**< ZUC cipher key */ +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + snow3g_key_schedule_t pKeySched_snow3g_cipher; + /**< SNOW3G scheduled cipher key */ +#endif }; } cipher; @@ -279,6 +286,10 @@ struct aesni_mb_session { /**< Expanded XCBC authentication keys */ uint8_t zuc_auth_key[16]; /**< ZUC authentication key */ +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + snow3g_key_schedule_t pKeySched_snow3g_auth; + /**< SNOW3G scheduled authentication key */ +#endif }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 54023e013..42f89a955 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN; + uint16_t snow3g_uia2_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN); + if (sess->auth.req_digest_len != snow3g_uia2_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_snow3g_auth); + return 0; } #endif @@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_docsis = 0; #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; + uint8_t is_snow3g = 0; #endif if (xform == NULL) { @@ -457,6 +471,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; is_zuc = 1; break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; + is_snow3g = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -565,6 +583,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, 16); + } else if (is_snow3g) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_snow3g_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1214,6 +1240,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_SNOW3G_UIA2_BITLEN: + job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth; + job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1232,10 +1263,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) + m_offset = op->sym->aead.data.offset; + else + m_offset = op->sym->cipher.data.offset; + #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; + m_offset = 0; } #endif @@ -1253,12 +1293,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, oop = 1; } - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) - m_offset = op->sym->aead.data.offset; - else - m_offset = op->sym->cipher.data.offset; - /* Set digest output location */ if (job->hash_alg != NULL_HASH && session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { @@ -1327,6 +1361,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; default: + /* For SNOW3G, length and offsets are already in bits */ job->cipher_start_src_offset_in_bytes = op->sym->cipher.data.offset; job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f4c4f56fe..9554ff0e7 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -543,6 +543,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SNOW 3G (UIA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SNOW 3G (UEA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v4 3/3] crypto/aesni_mb: support KASUMI F8/F9 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara @ 2020-09-21 11:45 ` Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-09-21 11:45 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v3/v4: - Fixed compilation when intel-ipsec-mb version is lower than 0.54 v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 13 ++++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 34 +++++++++++++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 41 +++++++++++++++++++ 6 files changed, 90 insertions(+), 3 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12bcafcba..85c462e62 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -34,6 +34,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_DES_DOCSISBPI * RTE_CRYPTO_CIPHER_ZUC_EEA3 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Authentication algorithms: @@ -53,6 +54,7 @@ Authentication algorithms: * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 * RTE_CRYPTO_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_KASUMI_F9 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 76a0fd149..f70adcec9 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -32,6 +32,7 @@ DES CBC = Y DES DOCSIS BPI = Y ZUC EEA3 = Y SNOW3G UEA2 = Y +KASUMI F8 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -53,6 +54,7 @@ AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y SNOW3G UIA2 = Y +KASUMI F9 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index ee8dff904..2b6370025 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -59,6 +59,7 @@ New Features * Added support for ZUC-EEA3/EIA3 algorithms. * Added support for SNOW3G-UEA2/UIA2 algorithms. + * Added support for KASUMI-F8/F9 algorithms. Removed Items diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 85039dbf2..9693bf985 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -57,7 +57,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16, + [IMB_AUTH_KASUMI_UIA1] = 16 #endif }; @@ -92,7 +93,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif }; @@ -128,7 +130,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -244,6 +247,8 @@ struct aesni_mb_session { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM snow3g_key_schedule_t pKeySched_snow3g_cipher; /**< SNOW3G scheduled cipher key */ + kasumi_key_sched_t pKeySched_kasumi_cipher; + /**< KASUMI scheduled cipher key */ #endif }; } cipher; @@ -289,6 +294,8 @@ struct aesni_mb_session { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM snow3g_key_schedule_t pKeySched_snow3g_auth; /**< SNOW3G scheduled authentication key */ + kasumi_key_sched_t pKeySched_kasumi_auth; + /**< KASUMI scheduled authentication key */ #endif }; /** Generated digest size by the Multi-buffer library */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 42f89a955..df4d86d0f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -279,6 +279,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, &sess->auth.pKeySched_snow3g_auth); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) { + sess->auth.algo = IMB_AUTH_KASUMI_UIA1; + uint16_t kasumi_f9_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1); + if (sess->auth.req_digest_len != kasumi_f9_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_kasumi_auth); + return 0; } #endif @@ -417,6 +430,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; uint8_t is_snow3g = 0; + uint8_t is_kasumi = 0; #endif if (xform == NULL) { @@ -475,6 +489,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; is_snow3g = 1; break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN; + is_kasumi = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -591,6 +609,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, &sess->cipher.pKeySched_snow3g_cipher); + } else if (is_kasumi) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_kasumi_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1245,6 +1271,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_KASUMI_UIA1: + job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth; + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1276,6 +1305,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; m_offset = 0; + } else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_kasumi_cipher; + m_offset = 0; } #endif @@ -1377,6 +1409,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) job->msg_len_to_cipher_in_bytes >>= 3; + else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) + job->msg_len_to_hash_in_bytes >>= 3; #endif /* Set user data to be crypto operation data struct */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 9554ff0e7..7f5ef66c5 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -588,6 +588,47 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* KASUMI (F9) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_KASUMI_F9, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* KASUMI (F8) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_KASUMI_F8, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara @ 2020-10-09 11:29 ` Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara ` (2 more replies) 2 siblings, 3 replies; 16+ messages in thread From: Pablo de Lara @ 2020-10-09 11:29 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v5: - Added NON_BYTE_ALIGNED feature flag - Rebased on top of crypto subtree v3/v4: - No changes v2: - Added commit description - Fixed checkpatch issues --- doc/guides/cryptodevs/aesni_mb.rst | 30 +++-- doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 5 +- .../crypto/aesni_mb/aesni_mb_pmd_private.h | 127 ++++++++++-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 63 ++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 47 +++++++ 6 files changed, 202 insertions(+), 72 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 69d69ff31..9d34803df 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -35,23 +35,25 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_AES128_ECB * RTE_CRYPTO_CIPHER_AES192_ECB * RTE_CRYPTO_CIPHER_AES256_ECB +* RTE_CRYPTO_CIPHER_ZUC_EEA3 Hash algorithms: -* RTE_CRYPTO_HASH_MD5_HMAC -* RTE_CRYPTO_HASH_SHA1_HMAC -* RTE_CRYPTO_HASH_SHA224_HMAC -* RTE_CRYPTO_HASH_SHA256_HMAC -* RTE_CRYPTO_HASH_SHA384_HMAC -* RTE_CRYPTO_HASH_SHA512_HMAC -* RTE_CRYPTO_HASH_AES_XCBC_HMAC -* RTE_CRYPTO_HASH_AES_CMAC -* RTE_CRYPTO_HASH_AES_GMAC -* RTE_CRYPTO_HASH_SHA1 -* RTE_CRYPTO_HASH_SHA224 -* RTE_CRYPTO_HASH_SHA256 -* RTE_CRYPTO_HASH_SHA384 -* RTE_CRYPTO_HASH_SHA512 +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 126b3a496..1b5c2bea2 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -33,6 +33,7 @@ DES DOCSIS BPI = Y AES ECB (128) = Y AES ECB (192) = Y AES ECB (256) = Y +ZUC EEA3 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -52,6 +53,7 @@ SHA512 HMAC = Y AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y +ZUC EIA3 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index e58d191fe..512e98993 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -74,9 +74,10 @@ New Features * Added SR-IOV PF support -* **Added support for AES-ECB in aesni_mb crypto PMD.** +* **Updated the aesni_mb crypto PMD.** - * Added support for AES-ECB 128, 192 and 256 in aesni_mb PMD. + * Added support for AES-ECB 128, 192 and 256. + * Added support for ZUC-EEA3/EIA3 algorithms. * **Added Intel ACC100 bbdev PMD.** diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..601ab9a40 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver; /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 static const unsigned auth_blocksize[] = { - [NULL_HASH] = 0, - [MD5] = 64, - [SHA1] = 64, - [SHA_224] = 64, - [SHA_256] = 64, - [SHA_384] = 128, - [SHA_512] = 128, - [AES_XCBC] = 16, - [AES_CCM] = 16, - [AES_CMAC] = 16, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 64, - [PLAIN_SHA_224] = 64, - [PLAIN_SHA_256] = 64, - [PLAIN_SHA_384] = 128, - [PLAIN_SHA_512] = 128 + [NULL_HASH] = 0, + [MD5] = 64, + [SHA1] = 64, + [SHA_224] = 64, + [SHA_256] = 64, + [SHA_384] = 128, + [SHA_512] = 128, + [AES_XCBC] = 16, + [AES_CCM] = 16, + [AES_CMAC] = 16, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 64, + [PLAIN_SHA_224] = 64, + [PLAIN_SHA_256] = 64, + [PLAIN_SHA_384] = 128, + [PLAIN_SHA_512] = 128, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 +#endif }; /** @@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo) } static const unsigned auth_truncated_digest_byte_lengths[] = { - [MD5] = 12, - [SHA1] = 12, - [SHA_224] = 14, - [SHA_256] = 16, - [SHA_384] = 24, - [SHA_512] = 32, - [AES_XCBC] = 12, - [AES_CMAC] = 12, - [AES_CCM] = 8, - [NULL_HASH] = 0, - [AES_GMAC] = 16, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 12, + [SHA1] = 12, + [SHA_224] = 14, + [SHA_256] = 16, + [SHA_384] = 24, + [SHA_512] = 32, + [AES_XCBC] = 12, + [AES_CMAC] = 12, + [AES_CCM] = 8, + [NULL_HASH] = 0, + [AES_GMAC] = 16, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif }; /** @@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo) } static const unsigned auth_digest_byte_lengths[] = { - [MD5] = 16, - [SHA1] = 20, - [SHA_224] = 28, - [SHA_256] = 32, - [SHA_384] = 48, - [SHA_512] = 64, - [AES_XCBC] = 16, - [AES_CMAC] = 16, - [AES_CCM] = 16, - [AES_GMAC] = 12, - [NULL_HASH] = 0, - [PLAIN_SHA1] = 20, - [PLAIN_SHA_224] = 28, - [PLAIN_SHA_256] = 32, - [PLAIN_SHA_384] = 48, - [PLAIN_SHA_512] = 64 + [MD5] = 16, + [SHA1] = 20, + [SHA_224] = 28, + [SHA_256] = 32, + [SHA_384] = 48, + [SHA_512] = 64, + [AES_XCBC] = 16, + [AES_CMAC] = 16, + [AES_CCM] = 16, + [AES_GMAC] = 12, + [NULL_HASH] = 0, + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64, +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; @@ -189,6 +198,10 @@ struct aesni_mb_session { uint16_t length; uint16_t offset; } iv; + struct { + uint16_t length; + uint16_t offset; + } auth_iv; /**< IV parameters */ /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns; @@ -209,19 +222,23 @@ struct aesni_mb_session { uint32_t decode[60] __rte_aligned(16); /**< decode key */ } expanded_aes_keys; + /**< Expanded AES keys - Allocating space to + * contain the maximum expanded key size which + * is 240 bytes for 256 bit AES, calculate by: + * ((key size (bytes)) * + * ((number of rounds) + 1)) + */ struct { const void *ks_ptr[3]; uint64_t key[3][16]; } exp_3des_keys; + /**< Expanded 3DES keys */ struct gcm_key_data gcm_key; + /**< Expanded GCM key */ + uint8_t zuc_cipher_key[16]; + /**< ZUC cipher key */ }; - /**< Expanded AES keys - Allocating space to - * contain the maximum expanded key size which - * is 240 bytes for 256 bit AES, calculate by: - * ((key size (bytes)) * - * ((number of rounds) + 1)) - */ } cipher; /** Authentication Parameters */ @@ -260,6 +277,8 @@ struct aesni_mb_session { /**< k3. */ } cmac; /**< Expanded XCBC authentication keys */ + uint8_t zuc_auth_key[16]; + /**< ZUC authentication key */ }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index e49428358..dbd79d5dc 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return -1; } + /* Set IV parameters */ + sess->auth_iv.offset = xform->auth.iv.offset; + sess->auth_iv.length = xform->auth.iv.length; + /* Set the request digest size */ sess->auth.req_digest_len = xform->auth.digest_length; @@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) { + sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN; + uint16_t zuc_eia3_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN); + if (sess->auth.req_digest_len != zuc_eia3_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); + return 0; + } +#endif + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_aes = 0; uint8_t is_3DES = 0; uint8_t is_docsis = 0; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + uint8_t is_zuc = 0; +#endif if (xform == NULL) { sess->cipher.mode = NULL_CIPHER; @@ -434,6 +457,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = ECB; is_aes = 1; break; +#endif +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; + is_zuc = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -477,7 +506,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.expanded_aes_keys.encode, sess->cipher.expanded_aes_keys.decode); break; -#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM case AES_256_BYTES: sess->cipher.key_length_in_bytes = AES_256_BYTES; IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data, @@ -533,6 +562,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, } sess->cipher.key_length_in_bytes = 24; +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + } else if (is_zuc) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, + 16); +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -699,6 +738,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, /* Default IV length = 0 */ sess->iv.length = 0; + sess->auth_iv.length = 0; ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform); if (ret != 0) { @@ -1174,7 +1214,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; - +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + case IMB_AUTH_ZUC_EIA3_BITLEN: + job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; + job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; +#endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer; @@ -1192,6 +1238,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { + job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; + job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } +#endif + if (!op->sym->m_dst) { /* in-place operation */ m_dst = m_src; @@ -1292,6 +1345,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); } +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) + job->msg_len_to_cipher_in_bytes >>= 3; +#endif + /* Set user data to be crypto operation data struct */ job->user_data = op; @@ -1915,6 +1973,7 @@ cryptodev_aesni_mb_create(const char *name, RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO | + RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA | RTE_CRYPTODEV_FF_SYM_SESSIONLESS; #ifdef AESNI_MB_DOCSIS_SEC_ENABLED diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index ccec4ebd0..0ada3b9e1 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -514,6 +514,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#endif +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + { /* ZUC (EIA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC (EEA3) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v5 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara @ 2020-10-09 11:29 ` Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-10-09 14:11 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Akhil Goyal 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-10-09 11:29 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v5: - Rebased on top of crypto subtree v3/v4: - Fixed compilation when intel-ipsec-mb version is lower than 0.54 v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 17 +++++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 47 ++++++++++++++++--- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 45 ++++++++++++++++++ 6 files changed, 105 insertions(+), 9 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 9d34803df..18631f6db 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -36,6 +36,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_AES192_ECB * RTE_CRYPTO_CIPHER_AES256_ECB * RTE_CRYPTO_CIPHER_ZUC_EEA3 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 Hash algorithms: @@ -54,6 +55,7 @@ Hash algorithms: * RTE_CRYPTO_AUTH_SHA384 * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 1b5c2bea2..ea37a6a58 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -34,6 +34,7 @@ AES ECB (128) = Y AES ECB (192) = Y AES ECB (256) = Y ZUC EEA3 = Y +SNOW3G UEA2 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -54,6 +55,7 @@ AES XCBC MAC = Y AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y +SNOW3G UIA2 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index 512e98993..da2fe9e44 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -78,6 +78,7 @@ New Features * Added support for AES-ECB 128, 192 and 256. * Added support for ZUC-EEA3/EIA3 algorithms. + * Added support for SNOW3G-UEA2/UIA2 algorithms. * **Added Intel ACC100 bbdev PMD.** diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 601ab9a40..85039dbf2 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -56,7 +56,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_384] = 128, [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 16 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 #endif }; @@ -90,7 +91,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif }; @@ -125,7 +127,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_384] = 48, [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM - [IMB_AUTH_ZUC_EIA3_BITLEN] = 4 + [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -238,6 +241,10 @@ struct aesni_mb_session { /**< Expanded GCM key */ uint8_t zuc_cipher_key[16]; /**< ZUC cipher key */ +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + snow3g_key_schedule_t pKeySched_snow3g_cipher; + /**< SNOW3G scheduled cipher key */ +#endif }; } cipher; @@ -279,6 +286,10 @@ struct aesni_mb_session { /**< Expanded XCBC authentication keys */ uint8_t zuc_auth_key[16]; /**< ZUC authentication key */ +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM + snow3g_key_schedule_t pKeySched_snow3g_auth; + /**< SNOW3G scheduled authentication key */ +#endif }; /** Generated digest size by the Multi-buffer library */ uint16_t gen_digest_len; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index dbd79d5dc..bb917b8ff 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN; + uint16_t snow3g_uia2_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN); + if (sess->auth.req_digest_len != snow3g_uia2_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_snow3g_auth); + return 0; } #endif @@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, uint8_t is_docsis = 0; #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; + uint8_t is_snow3g = 0; #endif if (xform == NULL) { @@ -463,6 +477,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_ZUC_EEA3; is_zuc = 1; break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; + is_snow3g = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -571,6 +589,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data, 16); + } else if (is_snow3g) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_snow3g_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1220,6 +1246,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_SNOW3G_UIA2_BITLEN: + job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth; + job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1238,10 +1269,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) + m_offset = op->sym->aead.data.offset; + else + m_offset = op->sym->cipher.data.offset; + #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; + } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; + m_offset = 0; } #endif @@ -1259,12 +1299,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, oop = 1; } - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) - m_offset = op->sym->aead.data.offset; - else - m_offset = op->sym->cipher.data.offset; - /* Set digest output location */ if (job->hash_alg != NULL_HASH && session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { @@ -1333,6 +1367,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; default: + /* For SNOW3G, length and offsets are already in bits */ job->cipher_start_src_offset_in_bytes = op->sym->cipher.data.offset; job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 0ada3b9e1..2b236b754 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -561,6 +561,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SNOW 3G (UIA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SNOW 3G (UEA2) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v5 3/3] crypto/aesni_mb: support KASUMI F8/F9 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara @ 2020-10-09 11:29 ` Pablo de Lara 2020-10-09 14:11 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Akhil Goyal 2 siblings, 0 replies; 16+ messages in thread From: Pablo de Lara @ 2020-10-09 11:29 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v5: - Rebased on top of crypto subtree v3/v4: - Fixed compilation when intel-ipsec-mb version is lower than 0.54 v2: - Added commit description --- doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/cryptodevs/features/aesni_mb.ini | 2 + doc/guides/rel_notes/release_20_11.rst | 1 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 13 ++++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 34 +++++++++++++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 41 +++++++++++++++++++ 6 files changed, 90 insertions(+), 3 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 18631f6db..abc10fbda 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -37,6 +37,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_AES256_ECB * RTE_CRYPTO_CIPHER_ZUC_EEA3 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Hash algorithms: @@ -56,6 +57,7 @@ Hash algorithms: * RTE_CRYPTO_AUTH_SHA512 * RTE_CRYPTO_AUTH_ZUC_EIA3 * RTE_CRYPTO_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_KASUMI_F9 AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index ea37a6a58..356139d46 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -35,6 +35,7 @@ AES ECB (192) = Y AES ECB (256) = Y ZUC EEA3 = Y SNOW3G UEA2 = Y +KASUMI F8 = Y ; ; Supported authentication algorithms of the 'aesni_mb' crypto driver. @@ -56,6 +57,7 @@ AES CMAC (128) = Y AES GMAC = Y ZUC EIA3 = Y SNOW3G UIA2 = Y +KASUMI F9 = Y ; ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index da2fe9e44..015cea576 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -79,6 +79,7 @@ New Features * Added support for AES-ECB 128, 192 and 256. * Added support for ZUC-EEA3/EIA3 algorithms. * Added support for SNOW3G-UEA2/UIA2 algorithms. + * Added support for KASUMI-F8/F9 algorithms. * **Added Intel ACC100 bbdev PMD.** diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 85039dbf2..9693bf985 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -57,7 +57,8 @@ static const unsigned auth_blocksize[] = { [PLAIN_SHA_512] = 128, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 16, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16, + [IMB_AUTH_KASUMI_UIA1] = 16 #endif }; @@ -92,7 +93,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif }; @@ -128,7 +130,8 @@ static const unsigned auth_digest_byte_lengths[] = { [PLAIN_SHA_512] = 64, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM [IMB_AUTH_ZUC_EIA3_BITLEN] = 4, - [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4 + [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4, + [IMB_AUTH_KASUMI_UIA1] = 4 #endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ @@ -244,6 +247,8 @@ struct aesni_mb_session { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM snow3g_key_schedule_t pKeySched_snow3g_cipher; /**< SNOW3G scheduled cipher key */ + kasumi_key_sched_t pKeySched_kasumi_cipher; + /**< KASUMI scheduled cipher key */ #endif }; } cipher; @@ -289,6 +294,8 @@ struct aesni_mb_session { #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM snow3g_key_schedule_t pKeySched_snow3g_auth; /**< SNOW3G scheduled authentication key */ + kasumi_key_sched_t pKeySched_kasumi_auth; + /**< KASUMI scheduled authentication key */ #endif }; /** Generated digest size by the Multi-buffer library */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index bb917b8ff..34a39ca99 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -279,6 +279,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data, &sess->auth.pKeySched_snow3g_auth); return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) { + sess->auth.algo = IMB_AUTH_KASUMI_UIA1; + uint16_t kasumi_f9_digest_len = + get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1); + if (sess->auth.req_digest_len != kasumi_f9_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + sess->auth.gen_digest_len = sess->auth.req_digest_len; + + IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data, + &sess->auth.pKeySched_kasumi_auth); + return 0; } #endif @@ -417,6 +430,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM uint8_t is_zuc = 0; uint8_t is_snow3g = 0; + uint8_t is_kasumi = 0; #endif if (xform == NULL) { @@ -481,6 +495,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN; is_snow3g = 1; break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN; + is_kasumi = 1; + break; #endif default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); @@ -597,6 +615,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr, sess->cipher.key_length_in_bytes = 16; IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data, &sess->cipher.pKeySched_snow3g_cipher); + } else if (is_kasumi) { + if (xform->cipher.key.length != 16) { + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 16; + IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data, + &sess->cipher.pKeySched_kasumi_cipher); #endif } else { if (xform->cipher.key.length != 8) { @@ -1251,6 +1277,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->auth_iv.offset); break; + case IMB_AUTH_KASUMI_UIA1: + job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth; + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1282,6 +1311,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; m_offset = 0; + } else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) { + job->enc_keys = &session->cipher.pKeySched_kasumi_cipher; + m_offset = 0; } #endif @@ -1383,6 +1415,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) job->msg_len_to_cipher_in_bytes >>= 3; + else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) + job->msg_len_to_hash_in_bytes >>= 3; #endif /* Set user data to be crypto operation data struct */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2b236b754..0f74be126 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -606,6 +606,47 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* KASUMI (F9) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_KASUMI_F9, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* KASUMI (F8) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_KASUMI_F8, + .block_size = 8, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara @ 2020-10-09 14:11 ` Akhil Goyal 2 siblings, 0 replies; 16+ messages in thread From: Akhil Goyal @ 2020-10-09 14:11 UTC (permalink / raw) To: Pablo de Lara, declan.doherty; +Cc: dev > Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb > job API, allowing the mix of these algorithms with others. > > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> > --- > > v5: > - Added NON_BYTE_ALIGNED feature flag > - Rebased on top of crypto subtree > Added NON_BYTE_ALIGNED feature in aesni_mb.ini file. Applied to dpdk-next-crypto Thanks. ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2020-10-09 14:11 UTC | newest] Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-09-11 11:18 [dpdk-dev] [PATCH 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-11 11:19 ` [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-09-11 11:37 ` [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-11 11:38 ` [dpdk-dev] [PATCH v2 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-11 15:54 ` [dpdk-dev] [PATCH v3 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-09-21 11:45 ` [dpdk-dev] [PATCH v4 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Pablo de Lara 2020-10-09 11:29 ` [dpdk-dev] [PATCH v5 3/3] crypto/aesni_mb: support KASUMI F8/F9 Pablo de Lara 2020-10-09 14:11 ` [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3 Akhil Goyal
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.