From 2ed12d9b63c6fef17c779426b4231fc4ed72105c Mon Sep 17 00:00:00 2001 From: Gagandeep Singh Date: Wed, 8 Sep 2021 12:29:47 +0530 Subject: [PATCH] crypto/dpaa_sec: support AES-CMAC integrity check This patch adds support for AES_CMAC integrity in non-security mode. Signed-off-by: Gagandeep Singh Acked-by: Akhil Goyal --- doc/guides/cryptodevs/features/dpaa_sec.ini | 1 + doc/guides/rel_notes/release_21_11.rst | 2 +- drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++ drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++ 4 files changed, 55 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini index d7bc319373..6a8f77fb1d 100644 --- a/doc/guides/cryptodevs/features/dpaa_sec.ini +++ b/doc/guides/cryptodevs/features/dpaa_sec.ini @@ -48,6 +48,7 @@ SHA512 HMAC = Y SNOW3G UIA2 = Y ZUC EIA3 = Y AES XCBC MAC = Y +AES CMAC (128) = Y ; ; Supported AEAD algorithms of the 'dpaa_sec' crypto driver. diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 2d1471c0d2..50e4fb1205 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -75,7 +75,7 @@ New Features * **Updated NXP dpaa_sec crypto PMD.** - * Added DES-CBC, AES-XCBC-MAC and non-HMAC algo support. + * Added DES-CBC, AES-XCBC-MAC, AES-CMAC and non-HMAC algo support. Removed Items diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 39456e461c..d6c101362a 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -528,6 +528,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) ses->digest_length); break; case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_AES_CMAC: shared_desc_len = cnstr_shdsc_aes_mac( cdb->sh_desc, true, swap, SHR_NEVER, @@ -2180,6 +2181,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused, session->auth_key.alg = OP_ALG_ALGSEL_AES; session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC; break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->auth_key.alg = OP_ALG_ALGSEL_AES; + session->auth_key.algmode = OP_ALG_AAI_CMAC; + break; default: DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u", xform->auth.algo); @@ -2265,6 +2270,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused, session->auth_key.alg = OP_ALG_ALGSEL_AES; session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC; break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->auth_key.alg = OP_ALG_ALGSEL_AES; + session->auth_key.algmode = OP_ALG_AAI_CMAC; + break; default: DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u", auth_xform->algo); @@ -2700,6 +2709,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, break; case RTE_CRYPTO_AUTH_AES_CMAC: session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96; + session->auth_key.algmode = OP_ALG_AAI_CMAC; break; case RTE_CRYPTO_AUTH_NULL: session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL; diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h index d500a4c246..c94d78e046 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.h +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h @@ -712,6 +712,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { }, } }, } }, + { /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* AES XCBC HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + .aad_size = { 0 }, + .iv_size = { 0 } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.20.1