crypto/dpaa_sec: support AES-CMAC integrity check

This patch adds support for AES_CMAC integrity
in non-security mode.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index d7bc319373898f55dd8834d71e2f38c4b2afc5a7..6a8f77fb1d2e2ff9a014c6628de99c9ed9168e11 100644 (file)
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
 ZUC EIA3     = Y
 AES XCBC MAC = Y
+AES CMAC (128) = Y
 
 ;
 ; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 2d1471c0d285ddcd85a1f9e1ef4f546e0465d3b2..50e4fb1205a8e128e9b1c1fb64c7bf09e44c38f8 100644 (file)
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -75,7 +75,7 @@ New Features
 
 * **Updated NXP dpaa_sec crypto PMD.**
 
-  * Added DES-CBC, AES-XCBC-MAC and non-HMAC algo support.
+  * Added DES-CBC, AES-XCBC-MAC, AES-CMAC and non-HMAC algo support.
 
 
 Removed Items

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 39456e461c174efcecc024f074d19f10bc072019..d6c101362a58870fe926793824d064f0ba151645 100644 (file)
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -528,6 +528,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
                                                ses->digest_length);
                        break;
                case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+               case RTE_CRYPTO_AUTH_AES_CMAC:
                        shared_desc_len = cnstr_shdsc_aes_mac(
                                                cdb->sh_desc,
                                                true, swap, SHR_NEVER,
@@ -2180,6 +2181,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
                session->auth_key.alg = OP_ALG_ALGSEL_AES;
                session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
                break;
+       case RTE_CRYPTO_AUTH_AES_CMAC:
+               session->auth_key.alg = OP_ALG_ALGSEL_AES;
+               session->auth_key.algmode = OP_ALG_AAI_CMAC;
+               break;
        default:
                DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
                              xform->auth.algo);
@@ -2265,6 +2270,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
                session->auth_key.alg = OP_ALG_ALGSEL_AES;
                session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
                break;
+       case RTE_CRYPTO_AUTH_AES_CMAC:
+               session->auth_key.alg = OP_ALG_ALGSEL_AES;
+               session->auth_key.algmode = OP_ALG_AAI_CMAC;
+               break;
        default:
                DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
                              auth_xform->algo);
@@ -2700,6 +2709,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
                break;
        case RTE_CRYPTO_AUTH_AES_CMAC:
                session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
+               session->auth_key.algmode = OP_ALG_AAI_CMAC;
                break;
        case RTE_CRYPTO_AUTH_NULL:
                session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index d500a4c2467f155e03244f365ef99fa94bceedd2..c94d78e04676e29061681a9473113488d9fb6936 100644 (file)
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -712,6 +712,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
                        }, }
                }, }
        },
+       {       /* AES CMAC */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 1,
+                                       .max = 16,
+                                       .increment = 1
+                               },
+                               .digest_size = {
+                                       .min = 12,
+                                       .max = 16,
+                                       .increment = 4
+                               },
+                               .iv_size = { 0 }
+                       }, }
+               }, }
+       },
+       {       /* AES XCBC HMAC */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 1,
+                                       .max = 16,
+                                       .increment = 1
+                               },
+                               .digest_size = {
+                                       .min = 12,
+                                       .max = 16,
+                                       .increment = 4
+                               },
+                               .aad_size = { 0 },
+                               .iv_size = { 0 }
+                       }, }
+               }, }
+       },
        RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };