crypto/cnxk: support AES-CMAC

Add support for AES CMAC auth algorithm.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 6e844f54ec2c9d6b1a170437414d06b949851bbe..3c585175e3a7a48ea25fc9aa5531f71c1f3ab3ac 100644 (file)
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -61,6 +61,7 @@ Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
 * ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
 
 AEAD algorithms:
 

diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index ab21d9da43ef0f5b372e9ee8ba91c99d3fd0fb0d..c8193c2ccae70237cd7013fcd0d5dce9258a5144 100644 (file)
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -41,23 +41,26 @@ ZUC EEA3       = Y
 ; Supported authentication algorithms of 'cn10k' crypto driver.
 ;
 [Auth]
-NULL         = Y
-AES GMAC     = Y
-KASUMI F9    = Y
-MD5          = Y
-MD5 HMAC     = Y
-SHA1         = Y
-SHA1 HMAC    = Y
-SHA224       = Y
-SHA224 HMAC  = Y
-SHA256       = Y
-SHA256 HMAC  = Y
-SHA384       = Y
-SHA384 HMAC  = Y
-SHA512       = Y
-SHA512 HMAC  = Y
-SNOW3G UIA2  = Y
-ZUC EIA3     = Y
+NULL            = Y
+AES GMAC        = Y
+KASUMI F9       = Y
+MD5             = Y
+MD5 HMAC        = Y
+SHA1            = Y
+SHA1 HMAC       = Y
+SHA224          = Y
+SHA224 HMAC     = Y
+SHA256          = Y
+SHA256 HMAC     = Y
+SHA384          = Y
+SHA384 HMAC     = Y
+SHA512          = Y
+SHA512 HMAC     = Y
+SNOW3G UIA2     = Y
+ZUC EIA3        = Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
 
 ;
 ; Supported AEAD algorithms of 'cn10k' crypto driver.

diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini
index d834659d29aabf18125bd620fa9096912c279701..f215ee045bb57d6acd2997af2109486ec718f60d 100644 (file)
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -40,23 +40,26 @@ ZUC EEA3       = Y
 ; Supported authentication algorithms of 'cn9k' crypto driver.
 ;
 [Auth]
-NULL         = Y
-AES GMAC     = Y
-KASUMI F9    = Y
-MD5          = Y
-MD5 HMAC     = Y
-SHA1         = Y
-SHA1 HMAC    = Y
-SHA224       = Y
-SHA224 HMAC  = Y
-SHA256       = Y
-SHA256 HMAC  = Y
-SHA384       = Y
-SHA384 HMAC  = Y
-SHA512       = Y
-SHA512 HMAC  = Y
-SNOW3G UIA2  = Y
-ZUC EIA3     = Y
+NULL            = Y
+AES GMAC        = Y
+KASUMI F9       = Y
+MD5             = Y
+MD5 HMAC        = Y
+SHA1            = Y
+SHA1 HMAC       = Y
+SHA224          = Y
+SHA224 HMAC     = Y
+SHA256          = Y
+SHA256 HMAC     = Y
+SHA384          = Y
+SHA384 HMAC     = Y
+SHA512          = Y
+SHA512 HMAC     = Y
+SNOW3G UIA2     = Y
+ZUC EIA3        = Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
 
 ;
 ; Supported AEAD algorithms of 'cn9k' crypto driver.

diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index f4579884ba6666b4bedf95ec953c2eb7604e4593..3bc0630c7c407d442cfb43e4ae62e65f63b72e28 100644 (file)
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -63,6 +63,7 @@ New Features
   * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
   * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.
   * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.
+  * Added AES-CMAC support in CN9K & CN10K.
 
 * **Added an API to retrieve event port id of ethdev Rx adapter.**
 

diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 253575a6353585aebab672f4b08920776a6a3037..145a1825bd609935efc374602697d60ee6382ada 100644 (file)
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -11,10 +11,10 @@
 #define ROC_SE_FC_MINOR_OP_DECRYPT    0x1
 #define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10
 
-#define ROC_SE_MAJOR_OP_HASH      0x34
-#define ROC_SE_MAJOR_OP_HMAC      0x35
-#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37
-#define ROC_SE_MAJOR_OP_KASUMI    0x38
+#define ROC_SE_MAJOR_OP_HASH   0x34
+#define ROC_SE_MAJOR_OP_HMAC   0x35
+#define ROC_SE_MAJOR_OP_PDCP   0x37
+#define ROC_SE_MAJOR_OP_KASUMI 0x38
 
 #define ROC_SE_MAJOR_OP_MISC            0x01
 #define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 69ee0d90289cf00bebd4e5d7c7895f94d916b9c6..457e166fc8a229cfa81eea6cab5b773711cd3637 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[] = {
                        }, }
                }, }
        },
+       {       /* AES CMAC */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 32,
+                                       .increment = 8
+                               },
+                               .digest_size = {
+                                       .min = 4,
+                                       .max = 4,
+                                       .increment = 0
+                               },
+                       }, }
+               }, }
+       },
 };
 
 static const struct rte_cryptodev_capabilities caps_kasumi[] = {

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index a8cd2c5ce5b0a51d527cdbbe80acd11255e97390..e988d57b944308612788fe4c8edfd97c7ddfcab7 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -73,11 +73,15 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
                for (j = 0; j < 4; j++)
                        iv_temp[j] = iv_s_temp[3 - j];
                memcpy(iv_d, iv_temp, 16);
-       } else {
+       } else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) {
                /* ZUC doesn't need a swap */
                memcpy(iv_d, iv_s, 16);
                if (pack_iv)
                        cpt_pack_iv(iv_s, iv_d);
+       } else {
+               /* AES-CMAC EIA2, microcode expects 16B zeroized IV */
+               for (j = 0; j < 4; j++)
+                       iv_d[j] = 0;
        }
 }
 
@@ -992,8 +996,8 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 }
 
 static __rte_always_inline int
-cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
-                   struct roc_se_fc_params *params, struct cpt_inst_s *inst)
+cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
+                 struct roc_se_fc_params *params, struct cpt_inst_s *inst)
 {
        uint32_t size;
        int32_t inputlen, outputlen;
@@ -1014,33 +1018,43 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
        mac_len = se_ctx->mac_len;
        pdcp_alg_type = se_ctx->pdcp_alg_type;
 
-       cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_ZUC_SNOW3G;
-
+       cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP;
        cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;
 
        if (flags == 0x1) {
                iv_s = params->auth_iv_buf;
-               iv_len = params->auth_iv_len;
-
-               if (iv_len == 25) {
-                       iv_len -= 2;
-                       pack_iv = 1;
-               }
 
                /*
                 * Microcode expects offsets in bytes
                 * TODO: Rounding off
                 */
                auth_data_len = ROC_SE_AUTH_DLEN(d_lens);
-
-               /* EIA3 or UIA2 */
                auth_offset = ROC_SE_AUTH_OFFSET(d_offs);
-               auth_offset = auth_offset / 8;
 
-               /* consider iv len */
-               auth_offset += iv_len;
+               if (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) {
+                       iv_len = params->auth_iv_len;
+
+                       if (iv_len == 25) {
+                               iv_len -= 2;
+                               pack_iv = 1;
+                       }
+
+                       auth_offset = auth_offset / 8;
+
+                       /* consider iv len */
+                       auth_offset += iv_len;
+
+                       inputlen =
+                               auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
+               } else {
+                       iv_len = 16;
+
+                       /* consider iv len */
+                       auth_offset += iv_len;
+
+                       inputlen = auth_offset + auth_data_len;
+               }
 
-               inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
                outputlen = mac_len;
 
                offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset);
@@ -1056,7 +1070,6 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
                        pack_iv = 1;
                }
 
-               /* EEA3 or UEA2 */
                /*
                 * Microcode expects offsets in bytes
                 * TODO: Rounding off
@@ -1589,8 +1602,7 @@ cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
        if (likely(fc_type == ROC_SE_FC_GEN)) {
                ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
        } else if (fc_type == ROC_SE_PDCP) {
-               ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
-                                         inst);
+               ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
        } else if (fc_type == ROC_SE_KASUMI) {
                ret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst);
        }
@@ -1618,8 +1630,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
        if (likely(fc_type == ROC_SE_FC_GEN)) {
                ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
        } else if (fc_type == ROC_SE_PDCP) {
-               ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
-                                         inst);
+               ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
        } else if (fc_type == ROC_SE_KASUMI) {
                ret = cpt_kasumi_enc_prep(flags, d_offs, d_lens, fc_params,
                                          inst);
@@ -1883,8 +1894,11 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
                auth_type = 0;
                is_null = 1;
                break;
-       case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
        case RTE_CRYPTO_AUTH_AES_CMAC:
+               auth_type = ROC_SE_AES_CMAC_EIA2;
+               zsk_flag = ROC_SE_ZS_IA;
+               break;
+       case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
        case RTE_CRYPTO_AUTH_AES_CBC_MAC:
                plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
                return -1;