From: Pablo de Lara Date: Fri, 9 Oct 2020 12:05:21 +0000 (+0000) Subject: crypto/aesni_mb: support Chacha20-Poly1305 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=010230a1543b99e34a3ef9676cedb08e316016c6;p=dpdk.git crypto/aesni_mb: support Chacha20-Poly1305 Add support for Chacha20-Poly1305 AEAD algorithm. Signed-off-by: Pablo de Lara --- diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index abc10fbda5..2ff264937c 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -63,6 +63,7 @@ AEAD algorithms: * RTE_CRYPTO_AEAD_AES_CCM * RTE_CRYPTO_AEAD_AES_GCM +* RTE_CRYPTO_AEAD_CHACHA20_POLY1305 Protocol offloads: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 6113e906a7..78d2dbdabe 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -64,11 +64,11 @@ KASUMI F9 = Y ; Supported AEAD algorithms of the 'aesni_mb' crypto driver. ; [AEAD] -AES CCM (128) = Y -AES GCM (128) = Y -AES GCM (192) = Y -AES GCM (256) = Y - +AES CCM (128) = Y +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y +CHACHA20-POLY1305 = Y ; ; Supported Asymmetric algorithms of the 'aesni_mb' crypto driver. ; diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index 80217a0920..097b255d1a 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -158,6 +158,7 @@ New Features * Added support for ZUC-EEA3/EIA3 algorithms. * Added support for SNOW3G-UEA2/UIA2 algorithms. * Added support for KASUMI-F8/F9 algorithms. + * Added support for Chacha20-Poly1305. * **Updated the aesni_gcm crypto PMD.** diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 7dbe40e025..42c23201ad 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -125,6 +125,18 @@ aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform) return AESNI_MB_OP_NOT_SUPPORTED; } +static inline int +is_aead_algo(JOB_HASH_ALG hash_alg, JOB_CIPHER_MODE cipher_mode) +{ +#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM + return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 || hash_alg == AES_CCM || + (hash_alg == AES_GMAC && cipher_mode == GCM)); +#else + return ((hash_alg == AES_GMAC && cipher_mode == GCM) || + hash_alg == AES_CCM); +#endif +} + /** Set session authentication parameters */ static int aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, @@ -721,6 +733,24 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, } break; +#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM + case RTE_CRYPTO_AEAD_CHACHA20_POLY1305: + sess->cipher.mode = IMB_CIPHER_CHACHA20_POLY1305; + sess->auth.algo = IMB_AUTH_CHACHA20_POLY1305; + + if (xform->aead.key.length != 32) { + AESNI_MB_LOG(ERR, "Invalid key length"); + return -EINVAL; + } + sess->cipher.key_length_in_bytes = 32; + memcpy(sess->cipher.expanded_aes_keys.encode, + xform->aead.key.data, 32); + if (sess->auth.req_digest_len != 16) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } + break; +#endif default: AESNI_MB_LOG(ERR, "Unsupported aead mode parameter"); return -ENOTSUP; @@ -1220,6 +1250,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, /* Set authentication parameters */ job->hash_alg = session->auth.algo; + const int aead = is_aead_algo(job->hash_alg, job->cipher_mode); + switch (job->hash_alg) { case AES_XCBC: job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded; @@ -1279,6 +1311,14 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, case IMB_AUTH_KASUMI_UIA1: job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth; break; +#endif +#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM + case IMB_AUTH_CHACHA20_POLY1305: + job->u.CHACHA20_POLY1305.aad = op->sym->aead.aad.data; + job->u.CHACHA20_POLY1305.aad_len_in_bytes = session->aead.aad_len; + job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode; + job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.encode; + break; #endif default: job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner; @@ -1297,8 +1337,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } } - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) + if (aead) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -1336,8 +1375,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && - session->cipher.mode == GCM)) + if (aead) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; @@ -1397,6 +1435,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, session->iv.offset); break; +#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM + case IMB_AUTH_CHACHA20_POLY1305: + job->cipher_start_src_offset_in_bytes = op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->iv.offset); + break; +#endif default: /* For SNOW3G, length and offsets are already in bits */ job->cipher_start_src_offset_in_bytes = @@ -1595,9 +1646,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) break; if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { - if (job->hash_alg == AES_CCM || - (job->hash_alg == AES_GMAC && - sess->cipher.mode == GCM)) + if (is_aead_algo(job->hash_alg, sess->cipher.mode)) verify_digest(job, op->sym->aead.digest.data, sess->auth.req_digest_len, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 46b8517a9f..81d3332dfe 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -647,6 +647,38 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, +#endif +#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM + { /* CHACHA20-POLY1305 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .block_size = 64, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 240, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + }, + }, } + }, } + }, #endif RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() };