crypto/cnxk: support AES-CMAC

author Anoob Joseph <anoobj@marvell.com>

Fri, 17 Dec 2021 09:20:08 +0000 (14:50 +0530)

committer Akhil Goyal <gakhil@marvell.com>

Fri, 21 Jan 2022 09:17:35 +0000 (10:17 +0100)
author Anoob Joseph <anoobj@marvell.com>
Fri, 17 Dec 2021 09:20:08 +0000 (14:50 +0530)
committer Akhil Goyal <gakhil@marvell.com>
Fri, 21 Jan 2022 09:17:35 +0000 (10:17 +0100)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst

index 6e844f5..3c58517 100644 (file)
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -61,6 +61,7 @@ Hash algorithms:
  * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
  * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
  * ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
  
  AEAD algorithms:
  
diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini

index ab21d9d..c8193c2 100644 (file)
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -41,23 +41,26 @@ ZUC EEA3       = Y
  ; Supported authentication algorithms of 'cn10k' crypto driver.
  ;
  [Auth]
-NULL         = Y
-AES GMAC     = Y
-KASUMI F9    = Y
-MD5          = Y
-MD5 HMAC     = Y
-SHA1         = Y
-SHA1 HMAC    = Y
-SHA224       = Y
-SHA224 HMAC  = Y
-SHA256       = Y
-SHA256 HMAC  = Y
-SHA384       = Y
-SHA384 HMAC  = Y
-SHA512       = Y
-SHA512 HMAC  = Y
-SNOW3G UIA2  = Y
-ZUC EIA3     = Y
+NULL            = Y
+AES GMAC        = Y
+KASUMI F9       = Y
+MD5             = Y
+MD5 HMAC        = Y
+SHA1            = Y
+SHA1 HMAC       = Y
+SHA224          = Y
+SHA224 HMAC     = Y
+SHA256          = Y
+SHA256 HMAC     = Y
+SHA384          = Y
+SHA384 HMAC     = Y
+SHA512          = Y
+SHA512 HMAC     = Y
+SNOW3G UIA2     = Y
+ZUC EIA3        = Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
  
  ;
  ; Supported AEAD algorithms of 'cn10k' crypto driver.
diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini

index d834659..f215ee0 100644 (file)
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -40,23 +40,26 @@ ZUC EEA3       = Y
  ; Supported authentication algorithms of 'cn9k' crypto driver.
  ;
  [Auth]
-NULL         = Y
-AES GMAC     = Y
-KASUMI F9    = Y
-MD5          = Y
-MD5 HMAC     = Y
-SHA1         = Y
-SHA1 HMAC    = Y
-SHA224       = Y
-SHA224 HMAC  = Y
-SHA256       = Y
-SHA256 HMAC  = Y
-SHA384       = Y
-SHA384 HMAC  = Y
-SHA512       = Y
-SHA512 HMAC  = Y
-SNOW3G UIA2  = Y
-ZUC EIA3     = Y
+NULL            = Y
+AES GMAC        = Y
+KASUMI F9       = Y
+MD5             = Y
+MD5 HMAC        = Y
+SHA1            = Y
+SHA1 HMAC       = Y
+SHA224          = Y
+SHA224 HMAC     = Y
+SHA256          = Y
+SHA256 HMAC     = Y
+SHA384          = Y
+SHA384 HMAC     = Y
+SHA512          = Y
+SHA512 HMAC     = Y
+SNOW3G UIA2     = Y
+ZUC EIA3        = Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
  
  ;
  ; Supported AEAD algorithms of 'cn9k' crypto driver.
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst

index f457988..3bc0630 100644 (file)
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -63,6 +63,7 @@ New Features
    * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
    * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.
    * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.
+  * Added AES-CMAC support in CN9K & CN10K.
  
  * **Added an API to retrieve event port id of ethdev Rx adapter.**
  
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h

index 253575a..145a182 100644 (file)
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -11,10 +11,10 @@
  #define ROC_SE_FC_MINOR_OP_DECRYPT    0x1
  #define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10
  
-#define ROC_SE_MAJOR_OP_HASH      0x34
-#define ROC_SE_MAJOR_OP_HMAC      0x35
-#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37
-#define ROC_SE_MAJOR_OP_KASUMI    0x38
+#define ROC_SE_MAJOR_OP_HASH   0x34
+#define ROC_SE_MAJOR_OP_HMAC   0x35
+#define ROC_SE_MAJOR_OP_PDCP   0x37
+#define ROC_SE_MAJOR_OP_KASUMI 0x38
  
  #define ROC_SE_MAJOR_OP_MISC            0x01
  #define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c

index 69ee0d9..457e166 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[] = {
                         }, }
                 }, }
         },
+       {       /* AES CMAC */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 32,
+                                       .increment = 8
+                               },
+                               .digest_size = {
+                                       .min = 4,
+                                       .max = 4,
+                                       .increment = 0
+                               },
+                       }, }
+               }, }
+       },
  };
  
  static const struct rte_cryptodev_capabilities caps_kasumi[] = {
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h

index a8cd2c5..e988d57 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -73,11 +73,15 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
                 for (j = 0; j < 4; j++)
                         iv_temp[j] = iv_s_temp[3 - j];
                 memcpy(iv_d, iv_temp, 16);
-       } else {
+       } else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) {
                 /* ZUC doesn't need a swap */
                 memcpy(iv_d, iv_s, 16);
                 if (pack_iv)
                         cpt_pack_iv(iv_s, iv_d);
+       } else {
+               /* AES-CMAC EIA2, microcode expects 16B zeroized IV */
+               for (j = 0; j < 4; j++)
+                       iv_d[j] = 0;
         }
  }
  
@@ -992,8 +996,8 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
  }
  
  static __rte_always_inline int
-cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
-                   struct roc_se_fc_params *params, struct cpt_inst_s *inst)
+cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
+                 struct roc_se_fc_params *params, struct cpt_inst_s *inst)
  {
         uint32_t size;
         int32_t inputlen, outputlen;
@@ -1014,33 +1018,43 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
         mac_len = se_ctx->mac_len;
         pdcp_alg_type = se_ctx->pdcp_alg_type;
  
-       cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_ZUC_SNOW3G;
-
+       cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP;
         cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;
  
         if (flags == 0x1) {
                 iv_s = params->auth_iv_buf;
-               iv_len = params->auth_iv_len;
-
-               if (iv_len == 25) {
-                       iv_len -= 2;
-                       pack_iv = 1;
-               }
  
                 /*
                  * Microcode expects offsets in bytes
                  * TODO: Rounding off
                  */
                 auth_data_len = ROC_SE_AUTH_DLEN(d_lens);
-
-               /* EIA3 or UIA2 */
                 auth_offset = ROC_SE_AUTH_OFFSET(d_offs);
-               auth_offset = auth_offset / 8;
  
-               /* consider iv len */
-               auth_offset += iv_len;
+               if (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) {
+                       iv_len = params->auth_iv_len;
+
+                       if (iv_len == 25) {
+                               iv_len -= 2;
+                               pack_iv = 1;
+                       }
+
+                       auth_offset = auth_offset / 8;
+
+                       /* consider iv len */
+                       auth_offset += iv_len;
+
+                       inputlen =
+                               auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
+               } else {
+                       iv_len = 16;
+
+                       /* consider iv len */
+                       auth_offset += iv_len;
+
+                       inputlen = auth_offset + auth_data_len;
+               }
  
-               inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
                 outputlen = mac_len;
  
                 offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset);
@@ -1056,7 +1070,6 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
                         pack_iv = 1;
                 }
  
-               /* EEA3 or UEA2 */
                 /*
                  * Microcode expects offsets in bytes
                  * TODO: Rounding off
@@ -1589,8 +1602,7 @@ cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
         if (likely(fc_type == ROC_SE_FC_GEN)) {
                 ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
         } else if (fc_type == ROC_SE_PDCP) {
-               ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
-                                         inst);
+               ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
         } else if (fc_type == ROC_SE_KASUMI) {
                 ret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst);
         }
@@ -1618,8 +1630,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
         if (likely(fc_type == ROC_SE_FC_GEN)) {
                 ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
         } else if (fc_type == ROC_SE_PDCP) {
-               ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
-                                         inst);
+               ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
         } else if (fc_type == ROC_SE_KASUMI) {
                 ret = cpt_kasumi_enc_prep(flags, d_offs, d_lens, fc_params,
                                           inst);
@@ -1883,8 +1894,11 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
                 auth_type = 0;
                 is_null = 1;
                 break;
-       case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
         case RTE_CRYPTO_AUTH_AES_CMAC:
+               auth_type = ROC_SE_AES_CMAC_EIA2;
+               zsk_flag = ROC_SE_ZS_IA;
+               break;
+       case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
         case RTE_CRYPTO_AUTH_AES_CBC_MAC:
                 plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
                 return -1;
author	Anoob Joseph <anoobj@marvell.com>
	Fri, 17 Dec 2021 09:20:08 +0000 (14:50 +0530)
committer	Akhil Goyal <gakhil@marvell.com>
	Fri, 21 Jan 2022 09:17:35 +0000 (10:17 +0100)
doc/guides/cryptodevs/cnxk.rst		patch \| blob \| history
doc/guides/cryptodevs/features/cn10k.ini		patch \| blob \| history
doc/guides/cryptodevs/features/cn9k.ini		patch \| blob \| history
doc/guides/rel_notes/release_22_03.rst		patch \| blob \| history
drivers/common/cnxk/roc_se.h		patch \| blob \| history
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c		patch \| blob \| history
drivers/crypto/cnxk/cnxk_se.h		patch \| blob \| history