crypto/aesni_mb: support ZUC-EEA3/EIA3

Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb
job API, allowing the mix of these algorithms with others.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 69d69ff..9d34803 100644 (file)
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -35,23 +35,25 @@ Cipher algorithms:
 * RTE_CRYPTO_CIPHER_AES128_ECB
 * RTE_CRYPTO_CIPHER_AES192_ECB
 * RTE_CRYPTO_CIPHER_AES256_ECB
+* RTE_CRYPTO_CIPHER_ZUC_EEA3
 
 Hash algorithms:
 
-* RTE_CRYPTO_HASH_MD5_HMAC
-* RTE_CRYPTO_HASH_SHA1_HMAC
-* RTE_CRYPTO_HASH_SHA224_HMAC
-* RTE_CRYPTO_HASH_SHA256_HMAC
-* RTE_CRYPTO_HASH_SHA384_HMAC
-* RTE_CRYPTO_HASH_SHA512_HMAC
-* RTE_CRYPTO_HASH_AES_XCBC_HMAC
-* RTE_CRYPTO_HASH_AES_CMAC
-* RTE_CRYPTO_HASH_AES_GMAC
-* RTE_CRYPTO_HASH_SHA1
-* RTE_CRYPTO_HASH_SHA224
-* RTE_CRYPTO_HASH_SHA256
-* RTE_CRYPTO_HASH_SHA384
-* RTE_CRYPTO_HASH_SHA512
+* RTE_CRYPTO_AUTH_MD5_HMAC
+* RTE_CRYPTO_AUTH_SHA1_HMAC
+* RTE_CRYPTO_AUTH_SHA224_HMAC
+* RTE_CRYPTO_AUTH_SHA256_HMAC
+* RTE_CRYPTO_AUTH_SHA384_HMAC
+* RTE_CRYPTO_AUTH_SHA512_HMAC
+* RTE_CRYPTO_AUTH_AES_XCBC_HMAC
+* RTE_CRYPTO_AUTH_AES_CMAC
+* RTE_CRYPTO_AUTH_AES_GMAC
+* RTE_CRYPTO_AUTH_SHA1
+* RTE_CRYPTO_AUTH_SHA224
+* RTE_CRYPTO_AUTH_SHA256
+* RTE_CRYPTO_AUTH_SHA384
+* RTE_CRYPTO_AUTH_SHA512
+* RTE_CRYPTO_AUTH_ZUC_EIA3
 
 AEAD algorithms:
 

diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 126b3a4..3873a8d 100644 (file)
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -15,6 +15,7 @@ CPU AESNI              = Y
 OOP LB  In LB  Out     = Y
 CPU crypto             = Y
 Symmetric sessionless  = Y
+Non-Byte aligned data  = Y
 
 ;
 ; Supported crypto algorithms of the 'aesni_mb' crypto driver.
@@ -33,6 +34,7 @@ DES DOCSIS BPI = Y
 AES ECB (128)  = Y
 AES ECB (192)  = Y
 AES ECB (256)  = Y
+ZUC EEA3       = Y
 
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@@ -52,6 +54,7 @@ SHA512 HMAC  = Y
 AES XCBC MAC = Y
 AES CMAC (128)  = Y
 AES GMAC     = Y
+ZUC EIA3     = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.

diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index d400cee..c227c08 100644 (file)
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -152,9 +152,10 @@ New Features
     ``--portmask=N``
     where N represents the hexadecimal bitmask of ports used.
 
-* **Added support for AES-ECB in aesni_mb crypto PMD.**
+* **Updated the aesni_mb crypto PMD.**
 
-  * Added support for AES-ECB 128, 192 and 256 in aesni_mb PMD.
+  * Added support for AES-ECB 128, 192 and 256.
+  * Added support for ZUC-EEA3/EIA3 algorithms.
 
 * **Updated Marvell NITROX symmetric crypto PMD.**
 

diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index e0c7b4f..601ab9a 100644 (file)
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver;
 /* Maximum length for digest */
 #define DIGEST_LENGTH_MAX 64
 static const unsigned auth_blocksize[] = {
-               [NULL_HASH]     = 0,
-               [MD5]           = 64,
-               [SHA1]          = 64,
-               [SHA_224]       = 64,
-               [SHA_256]       = 64,
-               [SHA_384]       = 128,
-               [SHA_512]       = 128,
-               [AES_XCBC]      = 16,
-               [AES_CCM]       = 16,
-               [AES_CMAC]      = 16,
-               [AES_GMAC]      = 16,
-               [PLAIN_SHA1]    = 64,
-               [PLAIN_SHA_224] = 64,
-               [PLAIN_SHA_256] = 64,
-               [PLAIN_SHA_384] = 128,
-               [PLAIN_SHA_512] = 128
+               [NULL_HASH]                     = 0,
+               [MD5]                           = 64,
+               [SHA1]                          = 64,
+               [SHA_224]                       = 64,
+               [SHA_256]                       = 64,
+               [SHA_384]                       = 128,
+               [SHA_512]                       = 128,
+               [AES_XCBC]                      = 16,
+               [AES_CCM]                       = 16,
+               [AES_CMAC]                      = 16,
+               [AES_GMAC]                      = 16,
+               [PLAIN_SHA1]                    = 64,
+               [PLAIN_SHA_224]                 = 64,
+               [PLAIN_SHA_256]                 = 64,
+               [PLAIN_SHA_384]                 = 128,
+               [PLAIN_SHA_512]                 = 128,
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+               [IMB_AUTH_ZUC_EIA3_BITLEN]      = 16
+#endif
 };
 
 /**
@@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo)
 }
 
 static const unsigned auth_truncated_digest_byte_lengths[] = {
-               [MD5]           = 12,
-               [SHA1]          = 12,
-               [SHA_224]       = 14,
-               [SHA_256]       = 16,
-               [SHA_384]       = 24,
-               [SHA_512]       = 32,
-               [AES_XCBC]      = 12,
-               [AES_CMAC]      = 12,
-               [AES_CCM]       = 8,
-               [NULL_HASH]     = 0,
-               [AES_GMAC]      = 16,
-               [PLAIN_SHA1]    = 20,
-               [PLAIN_SHA_224] = 28,
-               [PLAIN_SHA_256] = 32,
-               [PLAIN_SHA_384] = 48,
-               [PLAIN_SHA_512] = 64
+               [MD5]                           = 12,
+               [SHA1]                          = 12,
+               [SHA_224]                       = 14,
+               [SHA_256]                       = 16,
+               [SHA_384]                       = 24,
+               [SHA_512]                       = 32,
+               [AES_XCBC]                      = 12,
+               [AES_CMAC]                      = 12,
+               [AES_CCM]                       = 8,
+               [NULL_HASH]                     = 0,
+               [AES_GMAC]                      = 16,
+               [PLAIN_SHA1]                    = 20,
+               [PLAIN_SHA_224]                 = 28,
+               [PLAIN_SHA_256]                 = 32,
+               [PLAIN_SHA_384]                 = 48,
+               [PLAIN_SHA_512]                 = 64,
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+               [IMB_AUTH_ZUC_EIA3_BITLEN]      = 4
+#endif
 };
 
 /**
@@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo)
 }
 
 static const unsigned auth_digest_byte_lengths[] = {
-               [MD5]           = 16,
-               [SHA1]          = 20,
-               [SHA_224]       = 28,
-               [SHA_256]       = 32,
-               [SHA_384]       = 48,
-               [SHA_512]       = 64,
-               [AES_XCBC]      = 16,
-               [AES_CMAC]      = 16,
-               [AES_CCM]       = 16,
-               [AES_GMAC]      = 12,
-               [NULL_HASH]     = 0,
-               [PLAIN_SHA1]    = 20,
-               [PLAIN_SHA_224] = 28,
-               [PLAIN_SHA_256] = 32,
-               [PLAIN_SHA_384] = 48,
-               [PLAIN_SHA_512] = 64
+               [MD5]                           = 16,
+               [SHA1]                          = 20,
+               [SHA_224]                       = 28,
+               [SHA_256]                       = 32,
+               [SHA_384]                       = 48,
+               [SHA_512]                       = 64,
+               [AES_XCBC]                      = 16,
+               [AES_CMAC]                      = 16,
+               [AES_CCM]                       = 16,
+               [AES_GMAC]                      = 12,
+               [NULL_HASH]                     = 0,
+               [PLAIN_SHA1]                    = 20,
+               [PLAIN_SHA_224]                 = 28,
+               [PLAIN_SHA_256]                 = 32,
+               [PLAIN_SHA_384]                 = 48,
+               [PLAIN_SHA_512]                 = 64,
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+               [IMB_AUTH_ZUC_EIA3_BITLEN]      = 4
+#endif
        /**< Vector mode dependent pointer table of the multi-buffer APIs */
 
 };
@@ -189,6 +198,10 @@ struct aesni_mb_session {
                uint16_t length;
                uint16_t offset;
        } iv;
+       struct {
+               uint16_t length;
+               uint16_t offset;
+       } auth_iv;
        /**< IV parameters */
 
        /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns;
@@ -209,19 +222,23 @@ struct aesni_mb_session {
                                uint32_t decode[60] __rte_aligned(16);
                                /**< decode key */
                        } expanded_aes_keys;
+                       /**< Expanded AES keys - Allocating space to
+                        * contain the maximum expanded key size which
+                        * is 240 bytes for 256 bit AES, calculate by:
+                        * ((key size (bytes)) *
+                        * ((number of rounds) + 1))
+                        */
                        struct {
                                const void *ks_ptr[3];
                                uint64_t key[3][16];
                        } exp_3des_keys;
+                       /**< Expanded 3DES keys */
 
                        struct gcm_key_data gcm_key;
+                       /**< Expanded GCM key */
+                       uint8_t zuc_cipher_key[16];
+                       /**< ZUC cipher key */
                };
-               /**< Expanded AES keys - Allocating space to
-                * contain the maximum expanded key size which
-                * is 240 bytes for 256 bit AES, calculate by:
-                * ((key size (bytes)) *
-                * ((number of rounds) + 1))
-                */
        } cipher;
 
        /** Authentication Parameters */
@@ -260,6 +277,8 @@ struct aesni_mb_session {
                                                    /**< k3. */
                        } cmac;
                        /**< Expanded XCBC authentication keys */
+                       uint8_t zuc_auth_key[16];
+                       /**< ZUC authentication key */
                };
        /** Generated digest size by the Multi-buffer library */
        uint16_t gen_digest_len;

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index e494283..dbd79d5 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
                return -1;
        }
 
+       /* Set IV parameters */
+       sess->auth_iv.offset = xform->auth.iv.offset;
+       sess->auth_iv.length = xform->auth.iv.length;
+
        /* Set the request digest size */
        sess->auth.req_digest_len = xform->auth.digest_length;
 
@@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
                return 0;
        }
 
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
+               sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+               uint16_t zuc_eia3_digest_len =
+                       get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN);
+               if (sess->auth.req_digest_len != zuc_eia3_digest_len) {
+                       AESNI_MB_LOG(ERR, "Invalid digest size\n");
+                       return -EINVAL;
+               }
+               sess->auth.gen_digest_len = sess->auth.req_digest_len;
+
+               memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
+               return 0;
+       }
+#endif
+
        switch (xform->auth.algo) {
        case RTE_CRYPTO_AUTH_MD5_HMAC:
                sess->auth.algo = MD5;
@@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
        uint8_t is_aes = 0;
        uint8_t is_3DES = 0;
        uint8_t is_docsis = 0;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       uint8_t is_zuc = 0;
+#endif
 
        if (xform == NULL) {
                sess->cipher.mode = NULL_CIPHER;
@@ -434,6 +457,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
                sess->cipher.mode = ECB;
                is_aes = 1;
                break;
+#endif
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+               sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
+               is_zuc = 1;
+               break;
 #endif
        default:
                AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter");
@@ -477,7 +506,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
                                        sess->cipher.expanded_aes_keys.encode,
                                        sess->cipher.expanded_aes_keys.decode);
                        break;
-#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
                case AES_256_BYTES:
                        sess->cipher.key_length_in_bytes = AES_256_BYTES;
                        IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
@@ -533,6 +562,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
                }
 
                sess->cipher.key_length_in_bytes = 24;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       } else if (is_zuc) {
+               if (xform->cipher.key.length != 16) {
+                       AESNI_MB_LOG(ERR, "Invalid cipher key length");
+                       return -EINVAL;
+               }
+               sess->cipher.key_length_in_bytes = 16;
+               memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
+                       16);
+#endif
        } else {
                if (xform->cipher.key.length != 8) {
                        AESNI_MB_LOG(ERR, "Invalid cipher key length");
@@ -699,6 +738,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
 
        /* Default IV length = 0 */
        sess->iv.length = 0;
+       sess->auth_iv.length = 0;
 
        ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform);
        if (ret != 0) {
@@ -1174,7 +1214,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                job->aes_enc_key_expanded = &session->cipher.gcm_key;
                job->aes_dec_key_expanded = &session->cipher.gcm_key;
                break;
-
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       case IMB_AUTH_ZUC_EIA3_BITLEN:
+               job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
+               job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+                                               session->auth_iv.offset);
+               break;
+#endif
        default:
                job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
                job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer;
@@ -1192,6 +1238,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                }
        }
 
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
+               job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
+               job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
+       }
+#endif
+
        if (!op->sym->m_dst) {
                /* in-place operation */
                m_dst = m_src;
@@ -1292,6 +1345,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                        session->iv.offset);
        }
 
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
+               job->msg_len_to_cipher_in_bytes >>= 3;
+#endif
+
        /* Set user data to be crypto operation data struct */
        job->user_data = op;
 
@@ -1915,6 +1973,7 @@ cryptodev_aesni_mb_create(const char *name,
                        RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
                        RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
                        RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO |
+                       RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA |
                        RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
 
 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index ccec4eb..0ada3b9 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -514,6 +514,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
                        }, }
                }, }
        },
+#endif
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+       {       /* ZUC (EIA3) */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 16,
+                                       .increment = 0
+                               },
+                               .digest_size = {
+                                       .min = 4,
+                                       .max = 4,
+                                       .increment = 0
+                               },
+                               .iv_size = {
+                                       .min = 16,
+                                       .max = 16,
+                                       .increment = 0
+                               }
+                       }, }
+               }, }
+       },
+       {       /* ZUC (EEA3) */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+                       {.cipher = {
+                               .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 16,
+                                       .increment = 0
+                               },
+                               .iv_size = {
+                                       .min = 16,
+                                       .max = 16,
+                                       .increment = 0
+                               },
+                       }, }
+               }, }
+       },
 #endif
        RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };