crypto/cnxk: support ZUC with 256-bit key

Added support for 256 bit key length for ZUC in crypto_cn10k PMD. Added support for digest length of 8 and 16 bytes for ZUC with 256 bit key length. Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-09-15 06:11:02 +00:00 · 2021-09-15 06:11:02 +00:00 · 29742632ac
commit 29742632ac
parent a90db80d7d
3 changed files with 48 additions and 6 deletions
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@ -107,6 +107,7 @@ New Features
  * Added Transport mode support in lookaside protocol (IPsec) for CN10K.
  * Added UDP encapsulation support in lookaside protocol (IPsec) for CN10K.
  * Added support for lookaside protocol (IPsec) offload for CN9K.
+  * Added support for ZUC algorithm with 256-bit key length for CN10K.

 * **Added support for event crypto adapter on Marvell CN10K and CN9K.**

--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@ -860,6 +860,38 @@ cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
 	*cur_pos += nb_caps;
 }

+static void
+cn10k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
+{
+
+	struct rte_cryptodev_capabilities *caps;
+	int i = 0;
+
+	while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
+		    (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
+		    (caps->sym.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)) {
+
+			caps->sym.cipher.key_size.max = 32;
+			caps->sym.cipher.key_size.increment = 16;
+			caps->sym.cipher.iv_size.max = 24;
+			caps->sym.cipher.iv_size.increment = 8;
+		}
+
+		if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
+		    (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
+		    (caps->sym.auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3)) {
+
+			caps->sym.auth.key_size.max = 32;
+			caps->sym.auth.key_size.increment = 16;
+			caps->sym.auth.digest_size.max = 16;
+			caps->sym.auth.digest_size.increment = 4;
+			caps->sym.auth.iv_size.max = 24;
+			caps->sym.auth.iv_size.increment = 8;
+		}
+	}
+}
+
 static void
 crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
 		     union cpt_eng_caps *hw_caps)
@ -876,6 +908,9 @@ crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],

 	cpt_caps_add(cnxk_caps, &cur_pos, caps_null, RTE_DIM(caps_null));
 	cpt_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
+
+	if (roc_model_is_cn10k())
+		cn10k_crypto_caps_update(cnxk_caps);
 }

 const struct rte_cryptodev_capabilities *
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@ -980,7 +980,7 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 	uint8_t pdcp_alg_type;
 	uint32_t encr_offset, auth_offset;
 	uint32_t encr_data_len, auth_data_len;
-	int flags, iv_len = 16;
+	int flags, iv_len;
 	uint64_t offset_ctrl;
 	uint64_t *offset_vaddr;
 	uint8_t *iv_s;
@ -996,6 +996,9 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 	cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;

 	if (flags == 0x1) {
+		iv_s = params->auth_iv_buf;
+		iv_len = params->auth_iv_len;
+
 		/*
 		 * Microcode expects offsets in bytes
 		 * TODO: Rounding off
@ -1016,9 +1019,10 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,

 		encr_data_len = 0;
 		encr_offset = 0;
-
-		iv_s = params->auth_iv_buf;
 	} else {
+		iv_s = params->iv_buf;
+		iv_len = params->cipher_iv_len;
+
 		/* EEA3 or UEA2 */
 		/*
 		 * Microcode expects offsets in bytes
@ -1039,8 +1043,6 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,

 		auth_data_len = 0;
 		auth_offset = 0;
-
-		iv_s = params->iv_buf;
 	}

 	if (unlikely((encr_offset >> 16) || (auth_offset >> 8))) {
@ -1719,7 +1721,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 		break;
 	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
 		enc_type = ROC_SE_ZUC_EEA3;
-		cipher_key_len = 16;
+		cipher_key_len = c_form->key.length;
 		zsk_flag = ROC_SE_ZS_EA;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_XTS:
@ -2069,6 +2071,9 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	uint32_t iv_buf[4];
 	int ret;

+	fc_params.cipher_iv_len = sess->iv_length;
+	fc_params.auth_iv_len = sess->auth_iv_length;
+
 	if (likely(sess->iv_length)) {
 		flags |= ROC_SE_VALID_IV_BUF;
 		fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *,
@ -2379,6 +2384,7 @@ fill_digest_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 		 */
 		d_offs = auth_range_off;
 		auth_range_off = 0;
+		params.auth_iv_len = sess->auth_iv_length;
 		params.auth_iv_buf = rte_crypto_op_ctod_offset(
 			cop, uint8_t *, sess->auth_iv_offset);
 		if (sess->zsk_flag == ROC_SE_K_F9) {