From: Anoob Joseph Date: Fri, 17 Dec 2021 09:20:08 +0000 (+0530) Subject: crypto/cnxk: support AES-CMAC X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;ds=sidebyside;h=759b5e653580;p=dpdk.git crypto/cnxk: support AES-CMAC Add support for AES CMAC auth algorithm. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 6e844f54ec..3c585175e3 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -61,6 +61,7 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2`` * ``RTE_CRYPTO_AUTH_ZUC_EIA3`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini index ab21d9da43..c8193c2cca 100644 --- a/doc/guides/cryptodevs/features/cn10k.ini +++ b/doc/guides/cryptodevs/features/cn10k.ini @@ -41,23 +41,26 @@ ZUC EEA3 = Y ; Supported authentication algorithms of 'cn10k' crypto driver. ; [Auth] -NULL = Y -AES GMAC = Y -KASUMI F9 = Y -MD5 = Y -MD5 HMAC = Y -SHA1 = Y -SHA1 HMAC = Y -SHA224 = Y -SHA224 HMAC = Y -SHA256 = Y -SHA256 HMAC = Y -SHA384 = Y -SHA384 HMAC = Y -SHA512 = Y -SHA512 HMAC = Y -SNOW3G UIA2 = Y -ZUC EIA3 = Y +NULL = Y +AES GMAC = Y +KASUMI F9 = Y +MD5 = Y +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +SNOW3G UIA2 = Y +ZUC EIA3 = Y +AES CMAC (128) = Y +AES CMAC (192) = Y +AES CMAC (256) = Y ; ; Supported AEAD algorithms of 'cn10k' crypto driver. diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini index d834659d29..f215ee045b 100644 --- a/doc/guides/cryptodevs/features/cn9k.ini +++ b/doc/guides/cryptodevs/features/cn9k.ini 
@@ -40,23 +40,26 @@ ZUC EEA3 = Y ; Supported authentication algorithms of 'cn9k' crypto driver. ; [Auth] -NULL = Y -AES GMAC = Y -KASUMI F9 = Y -MD5 = Y -MD5 HMAC = Y -SHA1 = Y -SHA1 HMAC = Y -SHA224 = Y -SHA224 HMAC = Y -SHA256 = Y -SHA256 HMAC = Y -SHA384 = Y -SHA384 HMAC = Y -SHA512 = Y -SHA512 HMAC = Y -SNOW3G UIA2 = Y -ZUC EIA3 = Y +NULL = Y +AES GMAC = Y +KASUMI F9 = Y +MD5 = Y +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +SNOW3G UIA2 = Y +ZUC EIA3 = Y +AES CMAC (128) = Y +AES CMAC (192) = Y +AES CMAC (256) = Y ; ; Supported AEAD algorithms of 'cn9k' crypto driver. diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index f4579884ba..3bc0630c7c 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -63,6 +63,7 @@ New Features * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K. * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K. * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K. + * Added AES-CMAC support in CN9K & CN10K. * **Added an API to retrieve event port id of ethdev Rx adapter.** diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index 253575a635..145a1825bd 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -11,10 +11,10 @@ #define ROC_SE_FC_MINOR_OP_DECRYPT 0x1 #define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10 -#define ROC_SE_MAJOR_OP_HASH 0x34 -#define ROC_SE_MAJOR_OP_HMAC 0x35 -#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37 -#define ROC_SE_MAJOR_OP_KASUMI 0x38 +#define ROC_SE_MAJOR_OP_HASH 0x34 +#define ROC_SE_MAJOR_OP_HMAC 0x35 +#define ROC_SE_MAJOR_OP_PDCP 0x37 +#define ROC_SE_MAJOR_OP_KASUMI 0x38 #define ROC_SE_MAJOR_OP_MISC 0x01 #define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 69ee0d9028..457e166fc8 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[] = { }, } }, } }, + { /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 4, + .increment = 0 + }, + }, } + }, } + }, }; static const struct rte_cryptodev_capabilities caps_kasumi[] = { diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index a8cd2c5ce5..e988d57b94 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -73,11 +73,15 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type, for (j = 0; j < 4; j++) iv_temp[j] = iv_s_temp[3 - j]; memcpy(iv_d, iv_temp, 16); - } else { + } else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) { /* ZUC doesn't need a swap */ memcpy(iv_d, iv_s, 16); if (pack_iv) cpt_pack_iv(iv_s, iv_d); + } else { + /* AES-CMAC EIA2, microcode expects 16B zeroized IV */ + for (j = 0; j < 4; j++) + iv_d[j] = 0; } } @@ -992,8 +996,8 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, } static __rte_always_inline int -cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, - struct roc_se_fc_params *params, struct cpt_inst_s *inst) +cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, + struct roc_se_fc_params *params, struct cpt_inst_s *inst) { uint32_t size; int32_t inputlen, outputlen; 
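Review bot: The new AES CMAC entry in `caps_aes` advertises `.digest_size = { .min = 4, .max = 4, .increment = 0 }`, so the generic `RTE_CRYPTO_AUTH_AES_CMAC` algorithm is exposed with a 32-bit tag only, and neither the entry's comment nor the cnxk.rst and release-note lines in this commit say so. A 4-byte tag matches the PDCP EIA2 use that the rest of the commit targets, but it gives far less forgery resistance than the full 16-byte CMAC output (NIST SP 800-38B advises at least 64 bits for most uses), and an application that selects AES-CMAC by name may not expect the truncation. I would state the restriction at the entry, for example `{ /* AES CMAC (PDCP EIA2 path): 4-byte MAC only */`, and mention the 4-byte digest limit in the driver guide.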
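Review bot: The new final `else` branch of pdcp_iv_copy clears only 4 bytes, although its comment says the microcode expects a 16B zeroized IV. `iv_d` is a `uint8_t *` in the signature shown in the hunk header, so `for (j = 0; j < 4; j++) iv_d[j] = 0;` leaves bytes 4 to 15 of the destination untouched. Unless the caller clears that buffer beforehand (not visible here), stale bytes would be handed to the engine as part of the IV and the resulting MAC could be wrong or differ between runs. `memset(iv_d, 0, 16);` matches both the comment and the 16-byte `memcpy` calls in the other two branches. The function starts outside this hunk, so the first branch's condition should be checked when confirming that this catch-all `else` is reached only for AES-CMAC.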
@@ -1014,33 +1018,43 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, mac_len = se_ctx->mac_len; pdcp_alg_type = se_ctx->pdcp_alg_type; - cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_ZUC_SNOW3G; - + cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP; cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor; if (flags == 0x1) { iv_s = params->auth_iv_buf; - iv_len = params->auth_iv_len; - - if (iv_len == 25) { - iv_len -= 2; - pack_iv = 1; - } /* * Microcode expects offsets in bytes * TODO: Rounding off */ auth_data_len = ROC_SE_AUTH_DLEN(d_lens); - - /* EIA3 or UIA2 */ auth_offset = ROC_SE_AUTH_OFFSET(d_offs); - auth_offset = auth_offset / 8; - /* consider iv len */ - auth_offset += iv_len; + if (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) { + iv_len = params->auth_iv_len; + + if (iv_len == 25) { + iv_len -= 2; + pack_iv = 1; + } + + auth_offset = auth_offset / 8; + + /* consider iv len */ + auth_offset += iv_len; + + inputlen = + auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8); + } else { + iv_len = 16; + + /* consider iv len */ + auth_offset += iv_len; + + inputlen = auth_offset + auth_data_len; + } - inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8); outputlen = mac_len; offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset); @@ -1056,7 +1070,6 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens, pack_iv = 1; } - /* EEA3 or UEA2 */ /* * Microcode expects offsets in bytes * TODO: Rounding off @@ -1589,8 +1602,7 @@ cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, if (likely(fc_type == ROC_SE_FC_GEN)) { ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_PDCP) { - ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params, - inst); + ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_KASUMI) { ret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst); } 
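Review bot: In the `flags == 0x1` branch the AES-CMAC path is selected by `se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR`, which is hard to follow. An auth algorithm is identified through a constant named after a cipher mode, and the test re-reads `se_ctx->pdcp_alg_type` although the local `pdcp_alg_type` was assigned a few lines earlier. The two arms also treat units differently: the ZUC/SNOW3G arm divides `auth_offset` by 8 and rounds `auth_data_len` up to whole bytes, while the new arm uses both values as they are, and the deleted `/* EIA3 or UIA2 */` comment was the only hint of which algorithms are handled here. I would write `if (pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) {` and put a comment on the `else` arm such as `/* AES-CMAC (EIA2): offset and length are taken as bytes, IV is a fixed 16B block */`. The byte-unit reading is inferred from the missing division and should be confirmed against the callers; the function body starts and ends outside this hunk.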
@@ -1618,8 +1630,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, if (likely(fc_type == ROC_SE_FC_GEN)) { ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_PDCP) { - ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params, - inst); + ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst); } else if (fc_type == ROC_SE_KASUMI) { ret = cpt_kasumi_enc_prep(flags, d_offs, d_lens, fc_params, inst); @@ -1883,8 +1894,11 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) auth_type = 0; is_null = 1; break; - case RTE_CRYPTO_AUTH_AES_XCBC_MAC: case RTE_CRYPTO_AUTH_AES_CMAC: + auth_type = ROC_SE_AES_CMAC_EIA2; + zsk_flag = ROC_SE_ZS_IA; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: case RTE_CRYPTO_AUTH_AES_CBC_MAC: plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo); return -1;
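Review bot: The new `case RTE_CRYPTO_AUTH_AES_CMAC:` in fill_sess_auth only sets `auth_type` and `zsk_flag`, and nothing in this hunk checks the requested digest or key length against the capability entry added in the same commit (4-byte digest, 16/24/32-byte key). The rest of the function lies outside the hunk, so this may be handled later. If it is not, a session that asks for a full 16-byte CMAC tag would be accepted with parameters the PDCP path does not provide, and the caller would not learn about the truncation at session creation. A guard in this case would make the limit explicit, for example `if (a_form->digest_length != 4) { plt_dp_err("Crypto: AES-CMAC supports 4B digest only"); return -1; }`.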