crypto/aesni_mb: support SNOW3G-UEA2/UIA2

Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb
job API, allowing the mix of these algorithms with others.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
Pablo de Lara 2020-10-09 11:29:53 +00:00 committed by Akhil Goyal
parent fd8df85487
commit 6c42e0cf4d
6 changed files with 105 additions and 9 deletions

View File

@ -36,6 +36,7 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_AES192_ECB
* RTE_CRYPTO_CIPHER_AES256_ECB
* RTE_CRYPTO_CIPHER_ZUC_EEA3
* RTE_CRYPTO_CIPHER_SNOW3G_UEA2
Hash algorithms:
@ -54,6 +55,7 @@ Hash algorithms:
* RTE_CRYPTO_AUTH_SHA384
* RTE_CRYPTO_AUTH_SHA512
* RTE_CRYPTO_AUTH_ZUC_EIA3
* RTE_CRYPTO_AUTH_SNOW3G_UIA2
AEAD algorithms:

View File

@ -35,6 +35,7 @@ AES ECB (128) = Y
AES ECB (192) = Y
AES ECB (256) = Y
ZUC EEA3 = Y
SNOW3G UEA2 = Y
;
; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@ -55,6 +56,7 @@ AES XCBC MAC = Y
AES CMAC (128) = Y
AES GMAC = Y
ZUC EIA3 = Y
SNOW3G UIA2 = Y
;
; Supported AEAD algorithms of the 'aesni_mb' crypto driver.

View File

@ -156,6 +156,7 @@ New Features
* Added support for AES-ECB 128, 192 and 256.
* Added support for ZUC-EEA3/EIA3 algorithms.
* Added support for SNOW3G-UEA2/UIA2 algorithms.
* **Updated Marvell NITROX symmetric crypto PMD.**

View File

@ -56,7 +56,8 @@ static const unsigned auth_blocksize[] = {
[PLAIN_SHA_384] = 128,
[PLAIN_SHA_512] = 128,
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
[IMB_AUTH_ZUC_EIA3_BITLEN] = 16
[IMB_AUTH_ZUC_EIA3_BITLEN] = 16,
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16
#endif
};
@ -90,7 +91,8 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
[PLAIN_SHA_384] = 48,
[PLAIN_SHA_512] = 64,
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4
#endif
};
@ -125,7 +127,8 @@ static const unsigned auth_digest_byte_lengths[] = {
[PLAIN_SHA_384] = 48,
[PLAIN_SHA_512] = 64,
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
[IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4
#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
@ -238,6 +241,10 @@ struct aesni_mb_session {
/**< Expanded GCM key */
uint8_t zuc_cipher_key[16];
/**< ZUC cipher key */
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
snow3g_key_schedule_t pKeySched_snow3g_cipher;
/**< SNOW3G scheduled cipher key */
#endif
};
} cipher;
@ -279,6 +286,10 @@ struct aesni_mb_session {
/**< Expanded XCBC authentication keys */
uint8_t zuc_auth_key[16];
/**< ZUC authentication key */
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
snow3g_key_schedule_t pKeySched_snow3g_auth;
/**< SNOW3G scheduled authentication key */
#endif
};
/** Generated digest size by the Multi-buffer library */
uint16_t gen_digest_len;

View File

@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
return 0;
} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
uint16_t snow3g_uia2_digest_len =
get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN);
if (sess->auth.req_digest_len != snow3g_uia2_digest_len) {
AESNI_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
sess->auth.gen_digest_len = sess->auth.req_digest_len;
IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data,
&sess->auth.pKeySched_snow3g_auth);
return 0;
}
#endif
@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
uint8_t is_docsis = 0;
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
uint8_t is_zuc = 0;
uint8_t is_snow3g = 0;
#endif
if (xform == NULL) {
@ -463,6 +477,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
is_zuc = 1;
break;
case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
is_snow3g = 1;
break;
#endif
default:
AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter");
@ -571,6 +589,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
sess->cipher.key_length_in_bytes = 16;
memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
16);
} else if (is_snow3g) {
if (xform->cipher.key.length != 16) {
AESNI_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
sess->cipher.key_length_in_bytes = 16;
IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data,
&sess->cipher.pKeySched_snow3g_cipher);
#endif
} else {
if (xform->cipher.key.length != 8) {
@ -1220,6 +1246,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
break;
case IMB_AUTH_SNOW3G_UIA2_BITLEN:
job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth;
job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
break;
#endif
default:
job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
@ -1238,10 +1269,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
}
}
if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
session->cipher.mode == GCM))
m_offset = op->sym->aead.data.offset;
else
m_offset = op->sym->cipher.data.offset;
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
m_offset = 0;
}
#endif
@ -1259,12 +1299,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
oop = 1;
}
if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
session->cipher.mode == GCM))
m_offset = op->sym->aead.data.offset;
else
m_offset = op->sym->cipher.data.offset;
/* Set digest output location */
if (job->hash_alg != NULL_HASH &&
session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
@ -1333,6 +1367,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
break;
default:
/* For SNOW3G, length and offsets are already in bits */
job->cipher_start_src_offset_in_bytes =
op->sym->cipher.data.offset;
job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;

View File

@ -561,6 +561,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
{ /* SNOW 3G (UIA2) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
.block_size = 16,
.key_size = {
.min = 16,
.max = 16,
.increment = 0
},
.digest_size = {
.min = 4,
.max = 4,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{ /* SNOW 3G (UEA2) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
.block_size = 16,
.key_size = {
.min = 16,
.max = 16,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};